Researchers discover new malware from Chinese hacking group
Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Networks’ Unit 42 threat intelligence team.
Why it matters: The malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT),” according to Unit 42.
- The malware, which Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear malware family” (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber spy group, writes Unit 42.
Background: BlackTech has been active since at least 2013, according to Symantec researchers.
- BlackTech has historically focused chiefly on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
- The group has targeted both foreign government and private-sector entities, including in “consumer electronics, computer, healthcare, and financial industries,” said researchers with Trend Micro.
- Trend Micro also previously assessed that BlackTech’s “campaigns are likely designed to steal their target’s technology.”
Go deeper: According to Symantec researchers, a BlackTech-initiated espionage campaign that began in 2019 also targeted “organizations in the media, construction, engineering, electronics, and finance sectors” with targets in Taiwan, Japan, the U.S. and China.