
- CHINESE ESPIONAGE GROUP DEPLOYS WINDOWS SYSTEMS WINDOWS 10
- CHINESE ESPIONAGE GROUP DEPLOYS WINDOWS SYSTEMS CODE
BlackTech, a Chinese advanced persistent threat group, is deploying a sophisticated new shellcode called BendyBear as part of its latest espionage campaign, security firm Palo Alto Networks reports.

Palo Alto researchers describe the malware as one of the "most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an advanced persistent threat group." BendyBear is a stage-zero implant that has been designed to download more advanced malware from its command-and-control server.

Palo Alto Networks notes BendyBear's infrastructure overlaps with that of the WaterBear malware family, which BlackTech has used since 2009. Unlike WaterBear, however, BendyBear comes with more advanced capabilities, including API hashing, process hiding and network traffic filtering. Among the capabilities described are:

- Generating unique session keys for each connection to the C2 server.
- Using a polymorphic approach to thwart memory analysis and evade signaturing.

BlackTech, also known as CircuitPanda, Temp.Overboard and Huapi, is an APT group that has previously targeted victims in East Asia, particularly Taiwan, and in Japan and Hong Kong as part of cyberespionage campaigns. Officials in Taiwan believe the hacking group has connections to China and its government, Reuters reported in August 2020. In October 2020, researchers at security firm Symantec revealed that the group targeted organizations in the U.S. and Asia using a previously unseen malware backdoor.
