Security News > 2023 > January > Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers.
"The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today.
DragonSpark's ties to China stem from the use of the China Chopper web shell to deploy malware - a widely used attack pathway among Chinese threat actors.
Not only do the open source tools used in the cyber assaults originate from developers or companies with links to China, the instructure for staging the payloads are located in Taiwan, Hong Kong, China, and Singapore, some of which belong to legitimate businesses.
The foothold is then leveraged to carry out lateral movement, privilege escalation, and malware deployment using open source tools like SharpToken, BadPotato, and GotoHTTP. Also delivered to the hosts are custom malware capable of executing arbitrary code and SparkRAT, a cross-platform remote access trojan that can run system commands, manipulate files and processes, and siphon information of interest.
"Chinese-speaking threat actors are known to frequently use open source software in malicious campaigns," the researchers concluded.
- Clasiopa hackers use new Atharvan malware in targeted attacks (source)
- Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (source)
- Fortinet zero-day attacks linked to suspected Chinese hackers (source)
- Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack (source)
- Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies (source)
- Hackers use new IceBreaker malware to breach gaming companies (source)
- Google Fi data breach let hackers carry out SIM swap attacks (source)
- Malvertising attacks are distributing .NET malware loaders (source)
- Hackers weaponize Microsoft Visual Studio add-ins to push malware (source)
- Hackers backdoor Windows devices in Sliver and BYOVD attacks (source)