China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

May 17, 2024 at 08:33AM

Cybersecurity researchers have provided insights into Deuterbear, a remote access trojan (RAT) used by the China-linked BlackTech group as part of their cyber espionage campaign in the Asia-Pacific region. Deuterbear exhibits advanced capabilities and is an updated version of the older malware Waterbear. Additionally, Proofpoint detailed a targeted cyber campaign delivering the SugarGh0st RAT, aimed at organizations involved in artificial intelligence efforts in the U.S.

Key takeaways from the article:

1. The China-linked BlackTech hacking group has been using an advanced remote access trojan (RAT) called Deuterbear as part of a cyber espionage campaign targeting the Asia-Pacific region in 2024. This malware possesses capabilities such as support for shellcode plugins, avoidance of handshakes for RAT operation, and use of HTTPS for C&C communication.

2. BlackTech has also been tracked under various other names including Circuit Panda, Earth Hundun, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard.

3. Deuterbear is an updated version of the Waterbear malware, and both have been used by BlackTech in cyber attacks. The deployment and infection pathways of Deuterbear are similar to those of Waterbear, but with some significant tweaks for establishing persistence and information theft. Deuterbear RAT is a more streamlined version that retains only a subset of the commands and employs a plugin-based approach to incorporate more functionality.

4. There is also mention of a targeted cyber campaign using a customized variant of Gh0st RAT called SugarGh0st RAT, which has historically been used to target users in Central and East Asia. The campaign targeted organizations in the U.S. involved in artificial intelligence efforts and is suspected to be an attempt to steal non-public information about generative artificial intelligence (GenAI).

5. The targeting of U.S. entities is speculated to be linked to reports about the U.S. government’s efforts to restrict China’s access to GenAI tools from companies like OpenAI, Google DeepMind, and Anthropic.
