Waterbear Modular Malware Campaign Lashes out at Taiwanese Government
A number of Taiwanese government entities have been recently targeted by a fresh Waterbear campaign in sophisticated cyberattacks. Associated with the BlackTech threat group, the malware has been observed utilizing leftovers from previous attacks on the same targets in April 2020 that had not been fully eradicated.

Key features

According to a report released by CyCraft researchers, the latest Waterbear malware features new capabilities that allow the Waterbear loader to deploy additional malicious packages.
The campaign has leveraged a vulnerability in a common and trusted Data Loss Prevention (DLP) tool to load Waterbear malware, perform DLL hijacking, and stealthily trigger next stage malware.
Using a decade-old antivirus evasion technique known as Heaven's Gate, the attackers have been hiding Waterbear's network behavior from security engines.
In addition, the attackers used enlarged binary sizes to bypass scanning altogether, forced DLLs to unload to obfuscate the malware, and padded memory with Kernel32 content to confuse analysis.
The threat actor leveraged Windows IKEEXT Service, and system services such as Winmgmt, System Event Notification Service (SENS), Wuauserv, and LanmanServer in their attacks.
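The service abuse and DLL hijacking described above leave traces in image-load telemetry. The following triage script is an added example, not code from the article or from CyCraft's report: it walks constructed Sysmon-style image-load records (the `Image=... Service=... ImageLoaded=...` line format, the service-name enrichment, the 100 MiB size threshold and the file names in the sample lines are all assumptions) and flags a DLL loaded into a host for one of the services named in the article from outside the Windows system directories or without a valid signature, plus any unusually large image of the kind some scanners skip.

```python
"""Added example (not from the article or CyCraft's report): triage of
constructed image-load records for the two behaviours the article
attributes to Waterbear, DLL hijacking through system services and
oversized binaries that evade scanning."""
from dataclasses import dataclass

# Services the article says were leveraged; compared case-insensitively.
WATCHED_SERVICES = {"ikeext", "winmgmt", "sens", "wuauserv", "lanmanserver"}
# Directories from which a service host is expected to load its DLLs.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed threshold above which some scanners skip a file (100 MiB).
SIZE_THRESHOLD = 100 * 1024 * 1024


@dataclass
class ImageLoad:
    process: str   # host process image path
    service: str   # service hosted by the process ('' if none); assumed enrichment
    image: str     # loaded DLL path
    signed: bool   # whether the image signature validated
    size: int      # on-disk size in bytes


def parse_line(line: str) -> ImageLoad:
    """Parse one constructed 'Key=Value Key=Value' record (paths without spaces)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return ImageLoad(
        process=fields["Image"],
        service=fields.get("Service", ""),
        image=fields["ImageLoaded"],
        signed=fields["Signed"].lower() == "true",
        size=int(fields["Size"]),
    )


def findings(ev: ImageLoad) -> list:
    """Return the list of reasons this load is suspicious (empty if none)."""
    out = []
    path = ev.image.lower()
    if ev.service.lower() in WATCHED_SERVICES:
        if not path.startswith(TRUSTED_DIRS):
            out.append(f"{ev.service}: DLL loaded from unexpected path {ev.image}")
        if not ev.signed:
            out.append(f"{ev.service}: unsigned DLL {ev.image}")
    if ev.size > SIZE_THRESHOLD:
        out.append(f"oversized image {ev.image} ({ev.size // (1024 * 1024)} MiB)")
    return out


def triage(lines) -> dict:
    """Map each flagged image path to its findings; clean loads are dropped."""
    result = {}
    for line in lines:
        ev = parse_line(line)
        hits = findings(ev)
        if hits:
            result[ev.image] = hits
    return result


# Constructed sample records: one benign service load, one hijack-style load of
# an unsigned 150 MiB DLL from a data directory, one unrelated user-mode load,
# and one unsigned DLL loaded by the SENS host.
SAMPLE_LOG = [
    r"Image=C:\Windows\System32\svchost.exe Service=IKEEXT ImageLoaded=C:\Windows\System32\ikeext.dll Signed=true Size=204800",
    r"Image=C:\Windows\System32\svchost.exe Service=IKEEXT ImageLoaded=C:\ProgramData\DLPTool\helper.dll Signed=false Size=157286400",
    r"Image=C:\Users\alice\app.exe Service= ImageLoaded=C:\Users\alice\plugin.dll Signed=true Size=1048576",
    r"Image=C:\Windows\System32\svchost.exe Service=SENS ImageLoaded=C:\Windows\System32\sens.dll Signed=false Size=65536",
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_LOG).items():
        print(image)
        for hit in hits:
            print("  -", hit)
```

The script keys results by image path, so a DLL that is loaded repeatedly is reported once with the findings from its last record; real telemetry would also carry the loading process's command line and the signature status of the host itself, which is what makes the "unexpected path" check meaningful for a DLP agent that the attackers abused as a trusted loader.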

BlackTech's recent targets

BlackTech, also known as the Palmerworm group, is known to target technology companies and government entities across Taiwan, Japan, and Hong Kong.
In September, the group used a brand new suite of custom malware to target organizations in the media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China.
In A ..