What BlackTech hackers have managed to achieve in 17 years of their activity

A newly documented campaign has hit technology, research and government organisations across the Asia-Pacific region. Behind it is the hacker group BlackTech, known for the sophisticated methods it uses to hide its activity.

The attacks used updated versions of the group's malware, including the modular Waterbear backdoor and an improved variant called Deuterbear. Trend Micro researchers note that Waterbear is hard to detect and analyse because it layers several evasion mechanisms on top of each other; Deuterbear goes further than its predecessor by adding functions to counter memory scanning and to encrypt its data, which makes it even more dangerous than the original.

The BlackTech group is also tracked under the names Earth Hundun, Circuit Panda and others. Active since 2007, it has conducted cyberattacks against targets in a range of countries and has continually refined its methods. In September last year, Japanese and US agencies attributed the group's activity to China, pointing to the hackers' ability to modify router firmware and to abuse trust relationships between domains in order to reach corporate networks.

BlackTech's operations stay under the radar thanks to custom tooling and living-off-the-land (LotL) tactics, including disabling logging on compromised routers. Its main tool, the Waterbear malware, has been in use since 2009 and is regularly updated to improve stealth. Deuterbear, first seen in 2022, uses obfuscation and HTTPS for command-and-control traffic, and is likewise updated regularly.
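Of the tactics listed above, disabling logging on routers is the one a defender can watch for directly: a router that stops sending syslog or drops its configuration-change log is itself a signal. The following detection sketch is an added example written for this post, not code from Trend Micro or from the reported research. It assumes the routers export configuration-change events in the Cisco IOS `%PARSER-5-CFGLOG_LOGGEDCMD` syslog format (enabled with `archive` / `log config` / `logging enable`); the sample log lines, hostnames, usernames, IP addresses and the watch-list of commands are all constructed here and are not indicators from the report.

```python
import re

# Constructed sample of router syslog output (assumed format; hosts, users
# and addresses are invented). One operator makes a routine interface change,
# a second session on another router strips the device's own audit trail.
SAMPLE_SYSLOG = """\
Apr 11 02:13:05 edge-rtr-1 1234: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.5.21)
Apr 11 02:13:07 edge-rtr-1 1235: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet0/1
Apr 11 02:13:09 edge-rtr-1 1236: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:description uplink to HQ
Apr 11 03:47:41 branch-rtr-7 5578: %SYS-5-CONFIG_I: Configured from console by admin on vty2 (203.0.113.44)
Apr 11 03:47:43 branch-rtr-7 5579: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no logging host 10.0.9.5
Apr 11 03:47:44 branch-rtr-7 5580: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no logging trap
Apr 11 03:47:45 branch-rtr-7 5581: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no logging buffered
Apr 11 03:47:46 branch-rtr-7 5582: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no archive
"""

# Parser for the assumed config-change logger line layout:
#   <timestamp> <host> <seq>: %PARSER-5-CFGLOG_LOGGEDCMD: User:<user>  logged command:<cmd>
CFGLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+\d+:\s+"
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s+User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Watch-list of commands that reduce a router's audit trail (an assumption
# for this example, not a list taken from the report). Matched against the
# normalised command text, so "no logging host X" and "no logging trap" both hit.
LOGGING_KILL_PATTERNS = (
    re.compile(r"^no\s+logging(\s|$)"),                      # syslog host/trap/buffered/console/on
    re.compile(r"^no\s+archive(\s|$)"),                      # removes the config-change logger itself
    re.compile(r"^no\s+snmp-server\s+enable\s+traps(\s|$)"), # silences SNMP trap forwarding
)


def parse_config_commands(syslog_text):
    """Extract (timestamp, host, user, cmd) from every CFGLOG line; other lines are ignored."""
    events = []
    for line in syslog_text.splitlines():
        m = CFGLOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["cmd"] = " ".join(ev["cmd"].split())  # collapse stray whitespace
            events.append(ev)
    return events


def find_logging_disabled(syslog_text):
    """Return one alert per (host, user) that issued any logging-disabling command,
    with the offending commands in the order they were logged."""
    hits = {}
    for ev in parse_config_commands(syslog_text):
        if any(p.match(ev["cmd"]) for p in LOGGING_KILL_PATTERNS):
            key = (ev["host"], ev["user"])
            hits.setdefault(key, {"first_seen": ev["ts"], "commands": []})
            hits[key]["commands"].append(ev["cmd"])
    return [
        {"host": host, "user": user, "first_seen": v["first_seen"], "commands": v["commands"]}
        for (host, user), v in sorted(hits.items())
    ]


if __name__ == "__main__":
    for alert in find_logging_disabled(SAMPLE_SYSLOG):
        print(f"[ALERT] {alert['host']} user={alert['user']} at {alert['first_seen']}: "
              f"{len(alert['commands'])} logging-disable command(s): {alert['commands']}")
```

In practice the rule belongs in the SIEM that receives the router syslog, and it should be paired with a heartbeat check: a router that was sending syslog and abruptly goes quiet after a configuration session is the same signal seen from the other side, and the last message before silence is often the `no logging host` itself.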

These multifunctional backdoors support around 50 commands, including process and file management, Windows registry modification and screenshot capture. The continuous development of Waterbear and its variants since 2009 shows how steadily the BlackTech group refines its attack methods.

Such sustained development of attack tooling underlines the need to strengthen defences for critical data and systems against groups that keep fielding ever more sophisticated malware.

• Source: https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html