‘DragonSpark’ threat actor leverages open-source RAT, other Chinese-language tools


SparkRAT is one of numerous open-source tools used by DragonSpark that were developed by Chinese-speaking programmers or vendors. Others include SharpToken and BadPotato (tools used to find and abuse access credentials in order to escalate privileges) and GoToHTTP, another remote access tool that malicious actors can use to maintain persistence within a victim network. SparkRAT is written in Golang, a programming language increasingly used to build both legitimate tools and malware, and there is evidence that the same actors are also using Golang-written malware to evade static detection and analysis techniques. Most of the evidence is based on technical indicators pulled from victim environments, the location of malware staging infrastructure throughout East Asia (a common choice for Chinese cybercriminal groups), and a number of overlaps between the tools or servers used by DragonSpark and those used by other Chinese-speaking threat groups.

Source read time: 2 min - scmagazine.com
