If you’re involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical
Related Posts
![Strengthening the Cyber Talent Pipeline Apparatus Part I: Needs & Challenges](https://thecyberwire.com/images/social-media/cyber-talent-insights/cyber-talent-insights-strengthening-the-cyber-talent-pipeline-apparatus-1.jpg?#)
Strengthening the Cyber Talent Pipeline Apparatus Part I: Needs & Challenges
In our upcoming Cyber Talent Insights series episode, the N2K team delves into the world of cybersecurity employment, where they dissect challenges and provide actionable insights for employers, practitioners, academic institutions, and industry partners.
The CyberWire
![Earth Hundun’s Hackers Employ Waterbear And Deuterbear Tools For Advanced Cyber Attacks](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVeU3dNngzU62zOs4WlRlOpwdUjLLAem8bk4JZTJ5WdrQdvJxMmTOkBgNdYoqjFchtRklePahCapzGjjhIfw3w1XDCT5CyA75PiK-CNslzLOYuVQgz088lR1lh6JLCio4nik-sx4cgvEjn6W0hko3UdkGnLT1ty6G4mbYifKU0EnUH5B9IMRSdTijEKIYF/s16000/Waterbear%20infection%20flow%20chart%20(Source%20-%20Trend%20Micro).webp)
Earth Hundun’s Hackers Employ Waterbear And Deuterbear Tools For Advanced Cyber Attacks
Threat actors continually evolve their tooling to stay ahead of defenses and to exploit new vulnerabilities.
Cybersecurity researchers at Trend Micro reported a rise in cyberattacks by the Earth Hundun (BlackTech) cyberespionage group.
These attacks use the Waterbear malware family, known for its intricate anti-analysis capabilities and for loaders, downloaders, and communication protocols that its developers revise regularly.
The most recent version, Deuterbear, uses more elaborate evasion strategies, which warrants a detailed examination of this multifaceted malware arsenal, used for espionage especially in the Asia Pacific region.
Waterbear And Deuterbear Tools
Since 2009, Waterbear has gone through more than ten versions; its developers kept reworking the infection process until a compromise succeeded, with the result that several of these versions coexist among victims.
The report notes that some Waterbear downloaders use internal IP addresses as their C&C servers, which suggests the operators know the target networks in depth and use multilayer jump servers to persist stealthily and control compromised environments.
That these techniques are designed for evasion and longevity reflects both the advanced nature of the attacks and the persistence of the threat actors behind this constantly changing malware family.
Deuterbear is the latest Waterbear downloader variant; it has been active since 2022 and is treated as a distinct malware entity, separate from the original Waterbear downloader category.
This classification stems from significant updates to its decryption flow and configuration structure, marking a notable evolution in the malware’s capabilities.
Comparison Between Deuterbear And Waterbear
The key differences between the Deuterbear downloader and the Waterbear downloader are summarized below:
- Since 2009, the Earth Hundun group has continuously transformed Waterbear into the more advanced version known as Deuterbear.
- HTTPS encryption, debugger/sandbox checks, a changed decryption routine, and updated protocols make Deuterbear the most sophisticated variant to date in both infection method and anti-analysis mechanisms.
- Despite defenses, Earth Hundun still penetrates Asia-Pacific targets, and its ever-improving Waterbear poses considerable difficulties.
Indicators Of Compromise
Files

| SHA-256 | Detection Name |
| --- | --- |
| e669aaf63552430c6b7c6bd158bcd1e7a11091c164eb034319e1188d43b5490c | Trojan.Win64.WATERBEAR.ZTLC |
| 0da9661ed1e73a58bd1005187ad9251bcdea317ca59565753d86ccf1e56927b8 | Trojan.Win64.WATERBEAR.ZTLC.enc |
| ca0423851ee2aa3013fe74666a965c2312e42d040dbfff86595eb530be3e963f | Trojan.Win64.WATERBEAR.ZTLA |
| 6dcc3af7c67403eaae3d5af2f057f0bb553d56ec746ff4cb7c03311e34343ebd | Trojan.Win64.WATERBEAR.ZTLC.enc |
| ab8d60e121d6f121c250208987beb6b53d4000bc861e60b093cf5c389e8e7162 | Trojan.Win64.WATERBEAR.ZTLB |
| a569df3c46f3816d006a40046dae0eb1bc3f9f1d4d3799703070390e195f6dd4 | Trojan.Win64.WATERBEAR.ZTLC.enc |
| e483cae34eb1e246c3dd4552b2e71614d4df53dc0bac06076442ffc7ac2e06b2 | Trojan.Win64.WATERBEAR.ZTLB |
| c97e8075466cf91623b1caa1747a6c5ee38c2d0341e0a3a2fa8fcf5a2e6ad3a6 | Trojan.Win64.WATERBEAR.ZTLB |
| 6b9a14d4d9230e038ffd9e1f5fd0d3065ff0a78b52ab338644462864740c2241 | Trojan.Win64.WATERBEAR.ZTLB.enc |
| d665aea7899ad317baf1b6e662f40a10d42045865f9eea1ab18993b50dd8942d | Trojan.Win64.DEUTERBEAR.ZTLC |
| dc60d8b1eff66bfb91573c8f825695e27b0813a9891bd0541d9ff6a3ae7e8cf2 | Trojan.Win64.DEUTERBEAR.ZTLC.enc |
| 4540132def6dfa6d181cabf1e1689bede5ecfef6450b033fecb0aeb1fe1b3fe9 | Trojan.Win64.DEUTERBEAR.ZTLC |
| 8f26069b6b49391f245b8551aa42ca4814c52e7f52d0343916f5262557bf5c52 | Trojan.Win64.DEUTERBEAR.ZTLC.enc |
| 74efa0ce94f4285404108d3d19bf2ff64c7c3a1c85e9b59cf511b56f9d71dc05 | Trojan.Win64.DEUTERBEAR.ZTLC |
| d6ac4f364b25365eb4a5636beffc836243743ecf7ef4ec391252119aed924cab | Trojan.Win64.DEUTERBEAR.ZTLC.enc |
Network

- freeprous.bakhell[.]com:443
- cloudflaread.quadrantbd[.]com:443
- showgyella.quadrantbd[.]com:443
- rscvmogt.taishanlaw[.]com:443
- smartclouds.gelatosg[.]com:443
- suitsvm003.rchitecture[.]org:443
- cloudsrm.gelatosg[.]com:443
The post Earth Hundun’s Hackers Employ Waterbear And Deuterbear Tools For Advanced Cyber Attacks appeared first on Cyber Security News.
Cyber Security News
![Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibVtAIXLf372y8tfeV9azWqzD6hFZ81NBon1X4-C4leorSf6f-YRV0OzVrPHQTV1_jGo8NfuX9lA2yEU6Gcl8vAiRw6Eq2faU8kvCTP25UPLBzQkQE_Qrr68V1NUDxSIhBG9tWxgilI0T1dD_fe1hg7eO4xHuWja92hjQ4mD5wBvBKhI2-3Bpc9LVhDAit/s72-c/main.jpg)
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store.
The findings come from HUMAN’s Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user’s device into a proxy node without their knowledge.
The Hacker News | #1 Trusted Cybersecurity News Site