Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-sponsored Chinese hacker group, according to Palo Alto Networks’ Unit 42 Threat Intelligence Team.
Why it matters: The malware “is in a class of its own in terms of one of the most advanced, well-designed, and difficult to detect examples of shell code used by an Advanced Persistent Threat (APT),” said Unit 42.
- The malware, which Unit 42 has dubbed ‘BendyBear’, bears some resemblance to the ‘WaterBear’ malware family (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber-espionage group, Unit 42 writes.
Background: BlackTech has been active since 2013, according to Symantec researchers.
- BlackTech has traditionally focused primarily on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
- The group has targeted foreign governments as well as private sector entities, including in “consumer electronics, computers, healthcare and financial industries,” said Trend Micro researchers.
- Trend Micro has also previously assessed that “BlackTech’s campaigns are likely to steal the technology from their target.”
Go deeper: According to Symantec researchers, a BlackTech-initiated espionage campaign that began in 2019 also targeted “organizations in the media, construction, engineering, electronics, and finance sectors” with targets in Taiwan, Japan, the US and China.