Earth Hundun’s Hackers Employ Waterbear And Deuterbear Tools For Advanced Cyber Attacks
By Tushar Subhra Dutta
Hackers always keep evolving their tools to stay ahead of defense systems and exploit new vulnerabilities.
Cybersecurity researchers at Trend Micro reported that the Earth Hundun (BlackTech) cyberespionage group has seen a rise in cyberattacks.
These attacks use the Waterbear malware family, which is known for its elaborate anti-analysis capabilities and for loaders, downloaders, and communication protocols that its developers revise regularly.
The most recent version, Deuterbear, uses more elaborate evasion techniques, which warrants a closer look at this multifaceted malware arsenal used for espionage, especially in the Asia-Pacific region.
Waterbear And Deuterbear Tools
Since 2009, Waterbear has gone through more than ten versions; its developers kept reworking the infection process until a compromise succeeded, so several of these versions often coexist on victims’ systems.
Notably, some Waterbear downloaders use internal IP addresses as their C&C servers, which, according to the report, suggests that the attackers know the target networks intimately and use multilayer jump servers to maintain stealthy, persistent control over compromised environments.
These techniques, designed for evasion and longevity, reflect both the advanced nature of the attacks and the persistence of the threat actors behind this constantly changing malware family.
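The internal-IP C&C detail above is something a defender can hunt for directly: a compromised host beaconing at a regular interval to another internal address that is not a known service, and that address in turn relaying onward, is the footprint multilayer jump servers leave in connection logs. The following is an added example written for this page, not code from Trend Micro’s report or from the Waterbear/Deuterbear samples; the log layout (`timestamp src dst dport`), the sample connections and the allowlist are all constructed, and the jitter threshold is an assumed tuning value.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log (hypothetical "timestamp src dst dport" layout).
# 10.1.5.23 beacons every ~5 min to 10.1.9.40, which in turn beacons every 10 min
# to 10.1.30.5 (a relay chain); 10.1.5.90 contacts 10.1.9.40 irregularly; 10.1.5.77
# talks to an external address and is out of scope for this internal-C&C check.
SAMPLE_LOG = """\
2024-04-01T10:00:00 10.1.5.23 10.1.9.40 443
2024-04-01T10:05:01 10.1.5.23 10.1.9.40 443
2024-04-01T10:10:00 10.1.5.23 10.1.9.40 443
2024-04-01T10:15:02 10.1.5.23 10.1.9.40 443
2024-04-01T10:01:00 10.1.9.40 10.1.30.5 443
2024-04-01T10:11:00 10.1.9.40 10.1.30.5 443
2024-04-01T10:21:00 10.1.9.40 10.1.30.5 443
2024-04-01T10:00:00 10.1.5.90 10.1.9.40 443
2024-04-01T10:01:00 10.1.5.90 10.1.9.40 443
2024-04-01T10:31:00 10.1.5.90 10.1.9.40 443
2024-04-01T10:02:13 10.1.5.23 10.1.2.10 443
2024-04-01T10:17:44 10.1.5.23 10.1.2.10 443
2024-04-01T10:01:00 10.1.5.77 203.0.113.8 443
2024-04-01T10:03:00 10.1.5.77 203.0.113.8 443
2024-04-01T10:05:00 10.1.5.77 203.0.113.8 443
"""

# Constructed allowlist of internal hosts that legitimately serve HTTPS (e.g. a proxy).
KNOWN_INTERNAL_SERVICES = {"10.1.2.10"}

# RFC 1918 space only; deliberately narrower than ipaddress's is_private, which also
# covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True only for RFC 1918 private addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_log(text):
    """Parse the constructed log into (timestamp, src, dst, dport) tuples."""
    conns = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        conns.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return conns


def find_internal_beacons(conns, allowlist, min_hits=3, max_jitter=0.25):
    """Flag (src, dst, port) triples that beacon at a regular interval to an
    internal address that is not a known service. Jitter is pstdev/mean of the
    inter-connection gaps; a downloader may randomise its sleep, so tune max_jitter."""
    groups = defaultdict(list)
    for ts, src, dst, dport in conns:
        if is_rfc1918(dst) and dst not in allowlist:
            groups[(src, dst, dport)].append(ts)
    findings = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "hits": len(times), "interval_s": round(avg, 1)})
    return findings


def relay_chains(findings):
    """Link flagged pairs into src -> relay -> next-hop chains, the pattern that
    multilayer jump servers would leave in connection logs."""
    nxt = defaultdict(list)
    for f in findings:
        nxt[f["src"]].append(f["dst"])
    relays = {f["dst"] for f in findings}
    chains = []

    def walk(path):
        hops = [h for h in nxt.get(path[-1], []) if h not in path]
        if not hops and len(path) >= 3:
            chains.append(path)
        for hop in hops:
            walk(path + [hop])

    for start in nxt:
        if start not in relays:  # a chain begins at a host nobody beacons to
            walk([start])
    return chains


if __name__ == "__main__":
    hits = find_internal_beacons(parse_log(SAMPLE_LOG), KNOWN_INTERNAL_SERVICES)
    for h in hits:
        print(f"beacon {h['src']} -> {h['dst']}:{h['dport']} every {h['interval_s']}s ({h['hits']} hits)")
    for chain in relay_chains(hits):
        print("relay chain:", " -> ".join(chain))
```

On the constructed input this flags the two regular internal beacons and joins them into one chain (10.1.5.23 → 10.1.9.40 → 10.1.30.5), while the allowlisted proxy, the irregular contact and the external connection are left alone. In a real environment the allowlist does most of the work: internal HTTPS traffic to unlisted peers on a regular cadence is rare enough to be worth a look, and the relay view is what turns a single odd beacon into a jump-server hypothesis.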
Deuterbear is the latest Waterbear downloader variant, active since 2022, and is treated as a distinct malware entity separate from the original Waterbear downloader category.
This classification stems from significant updates to its decryption flow and configuration structure, which mark a notable evolution in the malware’s capabilities.
The key differences between the Deuterbear downloader and the Waterbear downloader are summarized in the comparison below:
[Comparison table of the Deuterbear and Waterbear downloaders] (Source – Trend Micro)
Since 2009, the Earth Hundun group has been continually evolving Waterbear, and the more advanced Deuterbear is the latest result of that work.
With HTTPS encryption, debugger and sandbox checks, a reworked decryption routine, and updated protocols, Deuterbear represents the most sophisticated infection methods and anti-analysis mechanisms the family has shown to date.
Despite defensive efforts, Earth Hundun continues to compromise Asia-Pacific targets, and its ever-improving Waterbear poses considerable challenges to defenders.