At a glance.
- DragonSpark conducts "opportunistic" cyberattacks in East Asia.
- ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers.
- Cisco study finds organizations see positive returns from investment in privacy.
- IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability.
- CISA adds an entry to its Known Exploited Vulnerabilities Catalog.
- What's the hacktivist's postwar future?
DragonSpark conducts "opportunistic" cyberattacks in East Asia.
SentinelOne this morning describes the activities of a threat actor they're calling DragonSpark. The researchers are fairly confident it's a Chinese group, but whether it's a criminal or an intelligence organization remains unclear: the motive behind the attacks could be either financial gain or espionage. DragonSpark is making heavy use of SparkRAT, "a multi-platform and feature-rich tool" that's open-source but little-seen, and that's also "regularly updated with new features." The attacks use Golang source code interpretation, also an uncommon technique, to thwart static analysis and evade detection.