Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.
The malware has features and behavior that strongly resemble those of the WaterBear malware family, which has been active since at least as early as 2009.
WaterBear is connected to BlackTech, a cyberespionage group linked by threat researchers to the Chinese government.
"At 10,000+ bytes, BendyBear is noticeably larger than most, and uses its size to implement advanced features and anti-analysis techniques, such as modified RC4 encryption, signature block verification, and polymorphic code," Unit 42 said.
Given features such as signature block verification and the use of anti-analysis techniques, it is fairly obvious that BendyBear's developers are focused on making it a stealthy, detection-evading piece of malware.
More technical details on the BendyBear shellcode, indicators of compromise, and shellcode proof of concept are available in Unit 42's report.