Investigators have discovered new “highly malleable and highly sophisticated” malware from a state-backed group of Chinese hackers, according to Palo Alto Networks’ Unit 42 threat intelligence team.
Why it’s important: According to Unit 42, the malware “is in a class of its own in terms of being one of the most sophisticated, well-designed, and hard-to-detect shell code samples used by an advanced persistent threat (APT).”
- The malware, which Unit 42 has dubbed “BendyBear,” bears a certain resemblance to the “WaterBear family of malware” (hence the name bear), which has partnered with BlackTech, a Chinese cyberespionage group linked to the state.
Background: According to Symantec researchers, BlackTech has been active since at least 2013.
- Historically, BlackTech has focused primarily on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
- Trend Micro researchers noted that the group has targeted government and private sector entities, including the consumer electronics, computer, healthcare and financial industries.
- Trend Micro also previously assessed that “BlackTech campaigns are likely designed to steal technology from their target.”
In depth: According to Symantec researchers, a spy campaign launched by BlackTech that began in 2019 also targeted “organizations in the media, construction, engineering, electronics and finance sectors” in Taiwan, Japan, the US and China.