April 19, 2024 at 10:48AM
BlackTech has targeted technology, research, and government sectors in the Asia-Pacific region with cyber attacks. The group has updated its modular backdoor, Waterbear, and introduced an enhanced successor, Deuterbear. Trend Micro researchers describe the complexity of Waterbear and its evasive techniques. The threat actor, also known as Earth Hundun, has been active since 2007 and is attributed to China.
Key takeaways:
– Threat actor BlackTech has targeted technology, research, and government sectors in the Asia-Pacific region in a recent cyber attack wave.
– Trend Micro researchers Cyris Tseng and Pierre Lee highlighted the advanced evasion mechanisms used by the modular backdoor Waterbear, including anti-memory scanning and decryption routines.
– Earth Hundun, also known as BlackTech, has been active since at least 2007 and is attributed to China by cybersecurity and intelligence agencies from Japan and the U.S.
– BlackTech actors use custom malware, dual-use tools, and living-off-the-land tactics, such as modifying router firmware to conceal their operations and maintain persistence in the network.
– Waterbear and its successor Deuterbear are key tools in BlackTech’s arsenal, continuously evolved and refined since 2009, with Deuterbear employing HTTPS encryption for network traffic protection and implementing various updates in malware execution.