The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

January 24, 2023

Golang Malware in DragonSpark Attacks

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark that uses uncommon techniques to get past security layers.

“The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation,” SentinelOne said in an analysis published today.


A striking aspect of the intrusions is the consistent use of SparkRAT to conduct a variety of activities, including stealing information, obtaining control of an infected host, or running additional PowerShell commands.

The threat actor’s end goals remain unknown as yet, although espionage or cybercrime is likely to be the motive. DragonSpark’s ties to China stem from the use of the China Chopper web shell to deploy malware, a commonly used attack pathway among Chinese threat actors.

Furthermore, not only do the open source tools used in the attacks originate from developers or companies with links to China, the infrastructure for staging the payloads is located in Taiwan, Hong Kong, China, and Singapore, some of which belongs to legitimate organizations.

The command-and-control (C2) servers, on the other hand, are located in Hong Kong and the U.S., the cybersecurity company said.


Initial access avenues involve compromising internet-exposed web servers and MySQL database servers to drop the China Chopper web shell. The foothold is then leveraged to carry out lateral movement, privilege escalation, and malware deployment using open source tools like SharpToken, BadPotato, and GotoHTTP.

Also delivered to the hosts are custom malware capable of executing arbitrary code and SparkRAT, a cross-platform remote access trojan that can run system commands, manipulate files and processes, and siphon information of interest.

Another malware of note is the Golang-based m6699.exe, which interprets at runtime the source code contained within it so as to fly under the radar and launch a shellcode loader that is engineered to contact the C2 server to fetch and execute the next-stage shellcode. Because the malicious logic exists only as source text until it is interpreted, static signatures written for compiled Go code paths do not match it.
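One consequence of the technique described above is that the binary has to carry Go source as literal text, which an ordinary compiled Go program does not. The following Go program is an added triage example written for this article, not code from SentinelOne or from the malware itself: it scans a file for a package clause, an import line and a `func main() {` body, flags the file when a package clause and a main body are both present, and extracts the embedded text for an analyst. The regular expressions, the assumption that the source is stored unencrypted, and the two sample byte blobs (constructed here, not real samples) are all this example's own.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"regexp"
)

// Heuristic markers for Go *source text*. A normally compiled Go binary
// carries symbol names ("main.main", "runtime.gopanic") and source file
// paths, but not a package clause, an import line or "func main() {" as
// literal text. These patterns are this example's own assumption, not a
// published signature.
type marker struct {
	name string
	re   *regexp.Regexp
}

var goSourceMarkers = []marker{
	{"package clause", regexp.MustCompile(`\bpackage[ \t]+[A-Za-z_]\w*[ \t]*\n`)},
	{"import", regexp.MustCompile(`(?m)^import[ \t]*(\(|"[^"]+")`)},
	{"func main", regexp.MustCompile(`func[ \t]+main[ \t]*\([ \t]*\)[ \t]*\{`)},
}

// Constructed sample standing in for a PE that embeds Go source as a
// NUL-terminated string in its data section (not a real sample).
var sampleWithSource = []byte("MZ\x90\x00\x03\x00\x00\x00runtime.main\x00" +
	"package main\n\nimport \"os\"\n\nfunc main() {\n\tloader(os.Args)\n}\n\x00" +
	"\x00\x00")

// Constructed sample of the strings an ordinary compiled Go binary carries.
var sampleCompiledOnly = []byte("MZ\x90\x00\x03\x00\x00\x00main.main\x00" +
	"runtime.gopanic\x00/usr/local/go/src/runtime/proc.go\x00")

// ScanForGoSource returns the marker names found in data, in marker order,
// and flags the blob when both a package clause and a main body are present.
func ScanForGoSource(data []byte) (flagged bool, hits []string) {
	var hasPkg, hasMain bool
	for _, m := range goSourceMarkers {
		if !m.re.Match(data) {
			continue
		}
		hits = append(hits, m.name)
		switch m.name {
		case "package clause":
			hasPkg = true
		case "func main":
			hasMain = true
		}
	}
	return hasPkg && hasMain, hits
}

// ExtractGoSource returns the embedded source text from the first package
// clause up to the next NUL byte (the end of a C-style embedded string).
// It returns "" when no package clause is present.
func ExtractGoSource(data []byte) string {
	loc := goSourceMarkers[0].re.FindIndex(data)
	if loc == nil {
		return ""
	}
	rest := data[loc[0]:]
	if i := bytes.IndexByte(rest, 0); i >= 0 {
		rest = rest[:i]
	}
	return string(rest)
}

func main() {
	// With a path argument, scan that file; otherwise scan the two samples.
	type input struct {
		name string
		data []byte
	}
	inputs := []input{
		{"sample-with-source", sampleWithSource},
		{"sample-compiled-only", sampleCompiledOnly},
	}
	if len(os.Args) > 1 {
		data, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, "read:", err)
			os.Exit(1)
		}
		inputs = []input{{os.Args[1], data}}
	}
	for _, in := range inputs {
		flagged, hits := ScanForGoSource(in.data)
		fmt.Printf("%s: embedded Go source=%v markers=%v\n", in.name, flagged, hits)
		if flagged {
			fmt.Printf("---- extracted source ----\n%s--------------------------\n", ExtractGoSource(in.data))
		}
	}
}
```

The check is deliberately conservative: a lone `import` line is not enough to flag a file, and a sample that stores its source encrypted or compressed will not be caught by this pass at all, which is the practical caveat when hunting for this evasion style.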

“Chinese-speaking threat actors are known to frequently use open source software in malicious campaigns,” the researchers concluded.

“Since SparkRAT is a multi-platform and feature-rich tool, and is regularly updated with new features, we estimate that the RAT will remain attractive to cybercriminals and other threat actors in the future.”

Some parts of this article are sourced from:
thehackernews.com
