BlackTech’s new ‘Deuterbear’ tool aims at tech, research, and government

TLDR:

  • BlackTech targets tech, research, and government sectors in Asia-Pacific with a new tool called Deuterbear
  • BlackTech, also known as Earth Hundun, has been active since at least 2007 and is attributed to China

In a recent wave of cyber attacks, BlackTech, a threat actor known for its use of sophisticated tools, has targeted the technology, research, and government sectors in the Asia-Pacific region. One of the key tools in its arsenal is Waterbear, an intricate malware family that has evolved over the years. In 2022, a new version of Waterbear called Deuterbear was identified, featuring anti-memory-scanning and decryption routines to evade detection.

BlackTech, also known as Earth Hundun, has been active since at least 2007 and is attributed to China by cybersecurity and intelligence agencies from Japan and the U.S. The threat actor uses custom malware and tools to infiltrate networks, with a focus on modifying router firmware to hide their operations and maintain persistence in the network. The Deuterbear downloader employs HTTPS encryption for network traffic protection and implements various updates in malware execution to avoid detection.

This ongoing threat highlights the importance of cybersecurity measures in safeguarding sensitive sectors from sophisticated attacks like those conducted by BlackTech. Organizations in the targeted sectors should remain vigilant and implement robust security strategies to mitigate the risk of intrusions.
