Researchers discover new malware from Chinese hacking group

Researchers have discovered new ‘extremely malleable, highly sophisticated’ malware from a state-backed Chinese hacking group, according to Unit 42, the threat research unit of Palo Alto Networks.

Why it matters: The malware “stands in a class of its own in terms of being one of the most sophisticated, well-manipulated and hard-to-detect samples of the tracking code used by an Advanced Persistent Threat (APT),” according to Unit 42.

  • The malware, which Unit 42 named ‘BendyBear’, is somewhat similar to the ‘WaterBear’ malware family (hence the bear in the name), which is associated with BlackTech, a state-affiliated Chinese cyber-espionage group, Unit 42 writes.

Background: According to Symantec researchers, BlackTech has been active since at least 2013.

  • BlackTech has historically focused primarily on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
  • The group has targeted both foreign government and private-sector organizations, including in the “consumer electronics, computer, healthcare and financial industries”, according to Trend Micro researchers.
  • Trend Micro previously also judged BlackTech’s “campaigns likely to be designed to steal their target’s technology.”

Go deeper: According to Symantec researchers, a BlackTech spying campaign launched in 2019 also targeted “organizations in the media, construction, engineering, electronics and finance sectors”, with targets in Taiwan, Japan, the USA and China.
