Jan. 24, 2023, 11:01 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Aleksandar Milenkoski, Joey Chen, and Amitai Ben Shushan Ehrlich


Executive Summary



  • SentinelLabs tracks a cluster of recent opportunistic attacks against organizations in East Asia as DragonSpark.

  • SentinelLabs assesses it is highly likely that a Chinese-speaking actor is behind the DragonSpark attacks.

  • The attacks provide evidence that Chinese-speaking threat actors are adopting the little-known open source tool SparkRAT.

  • The threat actors use Golang malware that implements an uncommon technique for hindering static analysis and evading detection: Golang source code …
