Organizations in Taiwan, Hong Kong, Singapore, and China have recently faced attacks from the Chinese threat actor DragonSpark. According to a report by SentinelOne, the threat actor was observed using the open-source tool SparkRAT in its attacks.
SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors.
DragonSpark was observed using Golang malware that interprets embedded Golang source code at runtime, a technique that hinders static analysis and helps the malware evade detection mechanisms that rely on it. “This uncommon technique provides threat actors with yet another means to evade detection mechanisms by obfuscating malware implementations,” SentinelOne noted.
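A triage heuristic for the technique described above, as an added example that is not taken from SentinelOne's report or from the malware itself: it scans a file's bytes for runs that read as Go source, either in plain text or base64-encoded. How the source is actually stored in the samples is not stated here, so both encodings and the 64-byte minimum run length are assumptions, and the sample bytes are constructed.

```python
import base64
import re

PRINTABLE_RUN = re.compile(rb"[\t\n\r\x20-\x7e]{64,}")   # assumed minimum length
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
PACKAGE_CLAUSE = re.compile(rb"(?m)^\s*package\s+\w+")
FUNC_DECL = re.compile(rb"(?m)^\s*func\s+[\w(]")


def looks_like_go_source(text: bytes) -> bool:
    """A package clause plus a func declaration, each starting a line."""
    return bool(PACKAGE_CLAUSE.search(text) and FUNC_DECL.search(text))


def find_embedded_go_source(blob: bytes):
    """Return [(offset, encoding)] for byte runs that read as Go source."""
    hits = []
    for m in PRINTABLE_RUN.finditer(blob):
        if looks_like_go_source(m.group()):
            hits.append((m.start(), "plain"))
    for m in BASE64_RUN.finditer(blob):
        raw = m.group()
        raw = raw[: len(raw) - len(raw) % 4]      # trim to a decodable length
        try:
            decoded = base64.b64decode(raw, validate=True)
        except ValueError:                        # binascii.Error is a ValueError
            continue
        if looks_like_go_source(decoded):
            hits.append((m.start(), "base64"))
    return hits


# Constructed sample: a fake binary holding harmless Go source twice.
SAMPLE_SRC = (b'package main\n\nimport "fmt"\n\n'
              b'func main() {\n\tfmt.Println("constructed sample")\n}\n')
HELP_TEXT = b"usage: tool [--verbose] <file>  an ordinary long help string, not source code"
CONSTRUCTED_BLOB = (b"\x7fELF" + b"\x00" * 32 + SAMPLE_SRC + b"\x00" * 16
                    + base64.b64encode(SAMPLE_SRC) + b"\x00" * 16 + HELP_TEXT)

if __name__ == "__main__":
    for offset, encoding in find_embedded_go_source(CONSTRUCTED_BLOB):
        print(f"offset {offset}: Go-like source ({encoding})")
```

A hit is a lead for manual review rather than a verdict, since legitimate Go tools can also ship source text as templates or test fixtures.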