Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

January 24, 2023

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark that uses uncommon methods to bypass security layers.

“The attacks are characterized by the use of the little-known open source SparkRAT and malware that attempts to evade detection by way of Golang source code interpretation,” SentinelOne said in an analysis published today.

A striking aspect of the intrusions is the consistent use of SparkRAT to conduct a wide range of activities, including stealing information, obtaining control of an infected host, or running additional PowerShell commands.


The threat actor’s end goals remain unknown as yet, although espionage or cybercrime is likely to be the motive. DragonSpark’s ties to China stem from the use of the China Chopper web shell to deploy malware, a commonly used attack pathway among Chinese threat actors.

Furthermore, not only do the open source tools used in the attacks originate from developers or companies with links to China, the infrastructure used to stage the payloads is located in Taiwan, Hong Kong, China, and Singapore, some of it belonging to legitimate organizations.

The command-and-control (C2) servers, on the other hand, are located in Hong Kong and the U.S., the cybersecurity company said.

Golang Malware

Initial access avenues involve compromising internet-exposed web servers and MySQL database servers to drop the China Chopper web shell. The foothold is then leveraged to carry out lateral movement, privilege escalation, and malware deployment using open source tools like SharpToken, BadPotato, and GotoHTTP.

Also delivered to the hosts are custom malware capable of executing arbitrary code and SparkRAT, a cross-platform remote access trojan that can run system commands, manipulate files and processes, and siphon information of interest.

Another malware of note is the Golang-based m6699.exe, which interprets at runtime the source code contained within it so as to fly under the radar and launch a shellcode loader that is engineered to contact the C2 server to fetch and execute the next-stage shellcode.
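As an added, defender-side illustration that is not part of the SentinelOne analysis or this article: a compiled Go binary carries symbol names such as main.main but not Go source text, so a file that contains package, import and func declarations at line starts is worth a closer look for an embedded interpreter. The markers and the three-marker threshold below are assumed heuristics, and binaries that legitimately embed Go source (code generators, test fixtures) will also trigger them.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
)

// Source-level declarations that should not appear in a compiled Go image.
// The (?m) flag anchors ^ at line starts inside the byte blob.
var (
	pkgRe    = regexp.MustCompile(`(?m)^package\s+\w+`)
	importRe = regexp.MustCompile(`(?m)^import\s*(\(|")`)
	funcRe   = regexp.MustCompile(`(?m)^func\s+\w+\s*\(`)
)

// Finding summarises the markers seen in the scanned bytes.
type Finding struct {
	PackageDecls int
	ImportDecls  int
	FuncDecls    int
	Offset       int // offset of the first package declaration, -1 if none
}

// Suspicious is the assumed threshold: all three declaration kinds present.
func (f Finding) Suspicious() bool {
	return f.PackageDecls >= 1 && f.ImportDecls >= 1 && f.FuncDecls >= 1
}

// ScanForEmbeddedGoSource applies the heuristics to an arbitrary byte blob
// (a PE/ELF image read from disk, a memory dump, or a carved section).
func ScanForEmbeddedGoSource(data []byte) Finding {
	f := Finding{Offset: -1}
	if loc := pkgRe.FindIndex(data); loc != nil {
		f.Offset = loc[0]
	}
	f.PackageDecls = len(pkgRe.FindAllIndex(data, -1))
	f.ImportDecls = len(importRe.FindAllIndex(data, -1))
	f.FuncDecls = len(funcRe.FindAllIndex(data, -1))
	return f
}

func main() {
	// Constructed sample: binary junk with a Go program embedded in the middle.
	sample := bytes.Join([][]byte{
		[]byte("MZ\x90\x00\x03\x00\x00\x00junk\n"),
		[]byte("package main\n\nimport (\n\t\"os\"\n)\n\nfunc main() {\n\tos.Exit(0)\n}\n"),
		[]byte("\x00\x00trailing"),
	}, nil)
	f := ScanForEmbeddedGoSource(sample)
	fmt.Printf("suspicious=%v %+v\n", f.Suspicious(), f)
}
```

Treat a hit as a triage cue to inspect the file, not as a verdict; the offset points at where the embedded source starts so an analyst can dump it.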

“Chinese-speaking threat actors are known to frequently use open source software in malicious campaigns,” the researchers concluded.

“Because SparkRAT is a multi-platform and feature-rich tool, and is regularly updated with new features, we estimate that the RAT will remain attractive to cybercriminals and other threat actors in the future.”



Some parts of this article are sourced from thehackernews.com.
