32.Lock Code Circular

A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.

The attacks are tracked by SentinelLabs, whose researchers report that DragonSpark relies on a little-known open-source tool called SparkRAT to steal sensitive data from compromised systems, execute commands, perform lateral network movement, and more.

The threat actors leverage compromised infrastructure in China, Taiwan, and Singapore to launch their attacks, while the intrusion vector observed by SentinelLabs is vulnerable MySQL database servers exposed online.