Priya Patel
TLDR:
Intrusions with the Waterbear and Deuterbear backdoors, used by China-linked threat operation BlackTech, have been targeting government, research, and technology organizations across the Asia-Pacific. The malware has been continuously updated with new capabilities, including process termination and HTTPS encryption.
Intrusions with the Waterbear backdoor and its updated variant dubbed “Deuterbear” have been deployed by China-linked threat operation BlackTech against government, research, and technology organizations across the Asia-Pacific. BlackTech has made continuous improvements to the Waterbear custom backdoor, which now supports almost 50 commands for various malicious activities. The Deuterbear downloader, a new variant descended from Waterbear, has been considered a separate malware entity due to its downloader with anti-analysis capabilities and HTTPS encryption.
Despite being descended from Waterbear, Deuterbear has been considered a separate malware entity due to having a downloader with anti-analysis capabilities and HTTPS encryption. “The Deuterbear downloader employs HTTPS encryption for network traffic protection and implements various updates in malware execution, such as altering the function decryption, checking for debuggers or sandboxes, and modifying traffic protocols,” said researchers. Such findings come months after a joint U.S. and Japan cybersecurity and intelligence advisory warning about BlackTech’s extensive attack arsenal. SC Staff
Proof-of-concept exploits for CVE-2024-3400 are now publicly available. Network Security MITRE research and prototyping network breached via Ivanti zero-days Steve Zurier April 22, 2024 Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries. Network Security Authorities investigate LabHost users after phishing service shut down Simon Hendery April 22, 2024 The alleged creator of the phishing-as-a-service malware was among those apprehended in the international operation.
By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy .
