Researchers Discover New Malware From Chinese Hacking Group

Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team. From a report: The malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT),” according to Unit 42. The malware, which Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear malware family” (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber spy group, writes Unit 42.
Background: BlackTech has been active since at least 2013, according to Symantec researchers. BlackTech has historically focused chiefly on intelligence targets in Taiwan, as well as some in Japan and Hong Kong. The group has targeted both foreign government and private-sector entities, including in “consumer electronics, computer, healthcare, and financial industries,” said researchers with Trend Micro.
Trend Micro also previously assessed that BlackTech’s “campaigns are likely designed to steal their target’s technology.”