DragonSpark malware is a sophisticated threat in which Chinese hackers leverage the Golang programming language to evade detection.
New Attack Targeting Organizations in East Asia: DragonSpark and Its Uncommon Tactics
A feature of the attacks is the use of legitimate Windows tools to move laterally within the network and to exfiltrate data.
Organizations in East Asia have been targeted by a likely Chinese-speaking actor, dubbed DragonSpark, using uncommon tactics to get past security layers. According to a report released by SentinelOne, the attacks are characterized by the use of the little-known open-source SparkRAT and of malware that attempts to evade detection through Golang source code interpretation.
What makes the attacks particularly concerning is the use of legitimate Windows tools to move laterally within the network and to exfiltrate data. This means that the malicious actors can move around the network and steal confidential information without being detected. Because these tools are legitimate, it is also more difficult for security teams to detect and stop the attack.
The DragonSpark campaign is a reminder that organizations need to be vigilant in their security measures and have a comprehensive strategy in place to protect their data. Organizations should ensure that their networks are regularly monitored for suspicious activity and that they have a robust system in place to detect and respond to any potential threats. Additionally, organizations should ensure that they have a comprehensive data backup plan in place so that any data that is stolen can be recovered quickly and securely. Finally, organizations should ensure that they have an incident response plan in place so that they can respond quickly and effectively in the event of a security breach.