SentinelLabs recently attributed a new string of attacks targeting East Asian organizations to a threat actor it tracks as DragonSpark. According to SentinelLabs, the campaign uses the rarely seen open-source SparkRAT together with malware tools that evade detection through source code interpretation techniques based on the Go programming language. The researchers said this campaign is the first time consistent use of SparkRAT has been identified. This week, SentinelLabs published an advisory detailing the campaign and the RAT.
According to the advisory, SparkRAT has several properties that make it attractive to attackers: it is multi-platform, feature-rich, and frequently updated. The frequent updates allow the RAT to evolve and continue to evade detection. In the attacks against East Asian organizations, the DragonSpark threat actors carried out privilege escalation, malware deployment, and lateral movement after gaining initial access.
Read More: DragonSpark Hackers Evade Detection With SparkRAT and Golang