and Asia using a previously unseen malware backdoor. In October 2020, researchers at security firm Symantec revealed that the group targeted organizations in the U.S. Officials in Taiwan believe the hacking group has connections to China and its government, Reuters reported in August 2020. Unlike WaterBear, however, BendyBear comes with more advanced capabilities, including API hashing, process hiding and network traffic filtering capabilities.īlackTech, also known as CircuitPanda, Temp.Overboard and Huapi, is an APT group that has previously targeted victims in East Asia, particularly Taiwan, and in Japan and Hong Kong as part of cyberespionage campaigns. Palo Alto Networks notes BendyBear's infrastructure overlaps with that of the WaterBear malware family, which BlackTech has used sincee 2009. Using a polymorphic approach to thwart memory analysis and evade signaturing.Generating unique session keys for each connection to the C2 server.Leveraging existing Windows registry key that is enabled by default in Windows 10 to store configuration data.Transmitting payloads in modified RC4-encrypted chunks, making the decryption of the code more difficult.BendyBear CapabilitiesīendyBear is described as a new class of shellcode with unique capabilities, including: The malware has been deployed by the group as part of cyberespionage campaigns across Southeast Asia. The researchers' report notes: "The BendyBear sample was determined to be 圆4 shellcode for a stage-zero implant whose sole function is to download a more robust implant from a command and control (C2) server." Palo Alto researchers describe the malware as one of the "most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an advanced persistent threat group." See Also: How to Reduce Compliance and Risk Workload to Increase Cybersecurity Revenue for Managed Security Service Providers (MSSPs)īendyBear is a stage-zero implant that has been designed to download more advanced malware from its command-and-control server. This article by Dr Will Stoltz first appeared in The Australian on.BlackTech, a Chinese advanced persistent threat group, is deploying a sophisticated new shellcode called BendyBear as part of its latest espionage campaign security firm Palo Alto Networks reports. Some reading the word ‘ASIS’ may assume a spelling error of ‘ASIO’ – the acronym for Australia’s much better-known domestic security service. Such is the invisibility of our foreign spy agency in the historical and cultural consciousness of Australians. But in considering how we are to find peace in the face of hostility from China and Russia, Australians will need to look anew at the work of their secret service, which includes foreign espionage and covert action.ĪSIS’s obscurity is partially due to the efforts of successive governments to keep hidden its highly classified operations, including discouraging media reporting on the agency. Despite being created in 1952 ASIS was not officially revealed until 1977.ĪSIS has only rarely featured publicly, and typically in relation to several historic scandals. These include accusations of supporting a CIA-backed coup in Chile in 1973 a botched armed exercise at a Melbourne hotel in 1983 and an alleged operation in the 2000s to listen-in on the Timor Leste cabinet during gas treaty negotiations. These scandals aside, there are no significant cultural portrayals to give Australians a sense of the work and history of ASIS. As a result Australians can be forgiven for having a degree of incuriousness about ‘the Service’. There are, after all, no Australian James Bonds, George Smileys, or Jack Ryans to drive the myth-making around Australia’s overseas spies. Yet, as ASIS marks its 70th birthday, there is a need for Australians to better understand its work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |