
New tool used in China-linked attacks against Asia-Pacific


The China-linked threat group BlackTech (also tracked as Earth Hundun, Manga Taurus, Circuit Panda, Temp.Overboard, Palmerworm, Red Djinn, and HUAPI) has deployed the Waterbear backdoor and its updated variant, dubbed "Deuterbear," in intrusions against government, research, and technology organizations across the Asia-Pacific region, reports The Hacker News.

BlackTech has continuously improved its custom Waterbear backdoor, which now supports almost 50 commands, including process termination, window management, and Windows Registry modification, according to a Trend Micro report. Although Deuterbear is descended from Waterbear, researchers treat it as a separate malware family because its downloader adds anti-analysis capabilities and encrypts its traffic with HTTPS.

"The Deuterbear downloader employs HTTPS encryption for network traffic protection and implements various updates in malware execution, such as altering the function decryption, checking for debuggers or sandboxes, and modifying traffic protocols," said researchers.

Such findings come months after a joint U.S. and Japan cybersecurity and intelligence advisory warning about BlackTech's extensive attack arsenal.
