Security News > 2021 > February > New BendyBear APT malware gets linked to Chinese hacking group
Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.
The malware has features and behavior that strongly resemble those of the WaterBear malware family, active since at least as early 2009.
WaterBear is connected to BlackTech, a cyberespionage group linked by threat researchers to the Chinese government.
"At 10,000+ bytes, BendyBear is noticeably larger than most, and uses its size to implement advanced features and anti-analysis techniques, such as modified RC4 encryption, signature block verification, and polymorphic code," Unit 42 said.
Due to the features such as signature block verification and the use of anti-analysis techniques, it's fairly obvious that BendyBear's developers are focused on making it a stealthy and detection-evasion malware.
More technical details on the BendyBear shellcode, indicators of compromise, and shellcode proof of concept are available in Unit 42's report.
News URL
Related news
- Chinese hacking groups target Russian government, IT firms (source)
- New macOS Malware TodoSwift Linked to North Korean Hacking Groups (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)