New BendyBear APT malware gets linked to Chinese hacking group (Security News, February 2021)

Unit 42 researchers today shared details on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.
The malware has features and behavior that strongly resemble those of the WaterBear malware family, which has been active since at least as early as 2009.
WaterBear is connected to BlackTech, a cyberespionage group linked by threat researchers to the Chinese government.
"At 10,000+ bytes, BendyBear is noticeably larger than most, and uses its size to implement advanced features and anti-analysis techniques, such as modified RC4 encryption, signature block verification, and polymorphic code," Unit 42 said.
Given features such as signature block verification and the anti-analysis techniques listed above, it is clear that BendyBear's developers focused on making it stealthy and hard to detect.
More technical details on the BendyBear shellcode, indicators of compromise, and shellcode proof of concept are available in Unit 42's report.