Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
Security firm SentinelOne has identified a new breed of cyber-espionage threat.
Not only do the open source tools used in the cyber assaults originate from developers or companies with links to China, but the infrastructure for staging the payloads is also located in Taiwan, Hong Kong, China, and Singapore, some of which belongs to legitimate businesses. Another malware of note is the Golang-based m6699.exe, which interprets the source code contained within it at runtime so as to fly under the radar, and launches a shellcode loader that is engineered to contact the C2 server to fetch and execute the next-stage shellcode. DragonSpark's ties to China stem from the use of the China Chopper web shell to deploy malware, a widely used attack pathway among Chinese threat actors.
Source: thehackernews.com