China-linked threat operation BlackTech, also known as Earth Hundun, Manga Taurus, Circuit Panda, Temp.Overboard, Palmerworm, Red Djinn, and HUAPI, has deployed the Waterbear backdoor and its updated variant, dubbed "Deuterbear", in intrusions against government, research, and technology organizations across the Asia-Pacific, reports The Hacker News.
BlackTech has continuously improved its custom Waterbear backdoor, which now supports almost 50 commands that enable process termination, window management, and Windows Registry alterations, among others, according to a Trend Micro report. Although descended from Waterbear, Deuterbear is considered a separate malware entity because its downloader has anti-analysis capabilities and uses HTTPS encryption.
"The Deuterbear downloader employs HTTPS encryption for network traffic protection and implements various updates in malware execution, such as altering the function decryption, checking for debuggers or sandboxes, and modifying traffic protocols," said researchers.
Such findings come months after a joint U.S. and Japan cybersecurity and intelligence advisory warning about BlackTech's extensive attack arsenal.