Feb 10, 2021 - Technology

Researchers discover new malware from Chinese hacking group

Zach Dorfman of the Aspen Institute

China flag. — Illustration: Eniola Odetunde/Axios

Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team.

Why it matters: The malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT),” according to Unit 42.

The malware, which Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear malware family” (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber spy group, writes Unit 42.

Background: BlackTech has been active since at least 2013, according to Symantec researchers.

BlackTech has historically focused chiefly on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
The group has targeted both foreign government and private-sector entities, including in “consumer electronics, computer, healthcare, and financial industries,” said researchers with Trend Micro.
Trend Micro also previously assessed that BlackTech’s “campaigns are likely designed to steal their target’s technology.”

Go deeper: According to Symantec researchers, a BlackTech-initiated espionage campaign that began in 2019 also targeted “organizations in the media, construction, engineering, electronics, and finance sectors” with targets in Taiwan, Japan, the U.S. and China.

Add Axios on Google

Researchers discover new malware from Chinese hacking group

What to read next