CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

admin by admin
January 24, 2023
in Information Security


Jan 24, 2023Ravie LakshmananCyber Espionage / Golang

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers.

“The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation,” SentinelOne said in an analysis published today.

A striking aspect of the intrusions is the consistent use of SparkRAT to conduct a variety of activities, including stealing information, obtaining control of an infected host, or running additional PowerShell instructions.

The threat actor’s end goals remain unknown as yet, although espionage or cybercrime is likely to be the motive. DragonSpark’s ties to China stem from the use of the China Chopper web shell to deploy malware – a widely used attack pathway among Chinese threat actors.

Furthermore, not only do the open source tools used in the cyber assaults originate from developers or companies with links to China, the instructure for staging the payloads are located in Taiwan, Hong Kong, China, and Singapore, some of which belong to legitimate businesses.

The command-and-control (C2) servers, on the other hand, are situated in Hong Kong and the U.S., the cybersecurity firm said.

Golang Malware

Initial access avenues entail compromising internet-exposed web servers and MySQL database servers to drop the China Chopper web shell. The foothold is then leveraged to carry out lateral movement, privilege escalation, and malware deployment using open source tools like SharpToken, BadPotato, and GotoHTTP.

Also delivered to the hosts are custom malware capable of executing arbitrary code and SparkRAT, a cross-platform remote access trojan that can run system commands, manipulate files and processes, and siphon information of interest.

Another malware of note is the Golang-based m6699.exe, which interprets at runtime the source code contained within it so as to fly under the radar and launch a shellcode loader that’s engineered to contact the C2 server for fetching and executing the next-stage shellcode.

“Chinese-speaking threat actors are known to frequently use open source software in malicious campaigns,” the researchers concluded.

“Since SparkRAT is a multi-platform and feature-rich tool, and is regularly updated with new features, we estimate that the RAT will remain attractive to cybercriminals and other threat actors in the future.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

How have they influenced cybercrime?

Next Post

Initiativesofrisknavigation

Related Posts

Information Security

New Android Banking Trojan Targeting Brazilian Financial Institutions

by admin
February 4, 2023
Information Security

Fall 2022 PCI DSS report available with six services added to compliance scope

by admin
February 4, 2023
Information Security

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

by admin
February 3, 2023
Information Security

How to improve security incident investigations using Amazon Detective finding groups

by admin
February 3, 2023
Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Next Post

Initiativesofrisknavigation

Recommended

Initiativesofreinvention

February 4, 2023

New Android Banking Trojan Targeting Brazilian Financial Institutions

February 4, 2023

Fall 2022 PCI DSS report available with six services added to compliance scope

February 4, 2023

Initiativesofnonlinearity ~ Future of CIO

February 3, 2023

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

February 3, 2023

How to improve security incident investigations using Amazon Detective finding groups

February 3, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.