Researchers discover new malware from a Chinese hacker group

Researchers have found a new “highly malleable and sophisticated” malware from a Chinese state-backed hacking group, according to Palo Alto Networks’ Unit 42 threat intelligence team.

Why it matters: The malware “stands out in terms of being one of the most sophisticated, well-designed and hard-to-detect shellcode samples employed by an Advanced Persistent Threat (APT),” according to Unit 42.

  • The malware, which Unit 42 dubbed “BendyBear”, bears some resemblance to the “WaterBear malware family” (hence the bear in the name), which was associated with BlackTech, a state-owned Chinese cyber espionage group, writes Unit 42.

Background: BlackTech has been active since at least 2013, according to Symantec researchers.

  • BlackTech has historically focused mainly on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
  • The group targets foreign government and private-sector entities, including the “consumer electronics, computers, health and financial sectors,” said Trend Micro researchers.
  • Trend Micro also previously assessed that “BlackTech campaigns are probably designed to steal your target’s technology.”

Go deeper: According to Symantec researchers, an espionage campaign initiated by BlackTech that began in 2019 also targeted “organizations in the media, construction, engineering, electronics and finance sectors,” with targets in Taiwan, Japan, the United States and China.
