According to cybersecurity company SentinelOne, a Chinese threat actor known as DragonSpark has been using the open-source remote administration tool (RAT) SparkRAT in recent attacks against East Asian organizations.
SparkRAT, a relatively new RAT that can run on Windows, Linux, and macOS systems, can update itself with new versions that are made available through its command and control (C&C) server. SparkRAT is written in the Go programming language.
The threat supports over 20 commands that it can use to carry out tasks, take control of the infected machine, manipulate processes and files, and steal various types of information. It communicates with the C&C server using the WebSocket protocol.