Investigators have discovered new “very malleable, highly sophisticated” malware from a state-backed group of Chinese hackers, according to Palo Alto Networks’ Unit 42 threat intelligence team.
Why it matters: The malware “is in a class of its own in terms of one of the most sophisticated, well-designed, and difficult-to-detect samples of shell code used by an Advanced Persistent Threat (APT),” according to Unit 42.
- The malware, which Unit 42 named “BendyBear,” shares characteristics with the “WaterBear malware family” (hence the “bear” in its name), which has been associated with BlackTech, a Chinese state-backed cyber espionage group, Unit 42 writes.
Background: BlackTech has been active since at least 2013, according to Symantec researchers.
- Historically, BlackTech has focused primarily on targets in Taiwan, with some activity against targets in Japan and Hong Kong.
- The group targeted both foreign government entities and private sector entities, including in the “consumer electronics, computer, healthcare and financial industries,” said researchers at Trend Micro.
- Trend Micro also previously assessed that “BlackTech campaigns are probably designed to steal their target’s technology.”
Go deeper: According to Symantec researchers, an espionage campaign launched by BlackTech that began in 2019 also targeted “organizations in the media, construction, engineering, electronics and finance sectors” in Taiwan, Japan, the US and China.