New BendyBear APT malware gets linked to Chinese hacking group
2021-02-09 18:09

Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.

The malware has features and behavior that strongly resemble those of the WaterBear malware family, which has been active since at least as early as 2009.

WaterBear is connected to BlackTech, a cyberespionage group linked by threat researchers to the Chinese government.

"At 10,000+ bytes, BendyBear is noticeably larger than most, and uses its size to implement advanced features and anti-analysis techniques, such as modified RC4 encryption, signature block verification, and polymorphic code," Unit 42 said.

Given features such as signature block verification and the use of anti-analysis techniques, it is fairly clear that BendyBear's developers focused on making it stealthy and hard to detect.

More technical details on the BendyBear shellcode, indicators of compromise, and shellcode proof of concept are available in Unit 42's report.


News URL

https://www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/