Feb 10, 2021 - Technology

Researchers discover new malware from Chinese hacking group

China flag.
Illustration: Eniola Odetunde/Axios

Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team.

Why it matters: The malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT),” according to Unit 42.

  • The malware, which Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear malware family” (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber spy group, writes Unit 42.

Background: BlackTech has been active since at least 2013, according to Symantec researchers.

  • BlackTech has historically focused chiefly on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
  • The group has targeted both foreign government and private-sector entities, including in “consumer electronics, computer, healthcare, and financial industries,” said researchers with Trend Micro.
  • Trend Micro also previously assessed that BlackTech’s “campaigns are likely designed to steal their target’s technology.”

Go deeper: According to Symantec researchers, a BlackTech-initiated espionage campaign that began in 2019 also targeted “organizations in the media, construction, engineering, electronics, and finance sectors” with targets in Taiwan, Japan, the U.S. and China.

Go deeper