Western Digital boots outdated NAS devices off of My Cloud
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. […] Read More
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently…
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. […] Read More
Earth Hundun’s Hackers Employ Waterbear And Deuterbear Tools For Advanced Cyber Attacks
[[{“value”:”
Hackers always keep evolving their tools to stay ahead of defense systems and exploit new vulnerabilities.
Cybersecurity researchers at Trend Micro reported that the Earth Hundun (BlackTech) cyberespionage group has seen a rise in cyberattacks.
These attacks exploit the Waterbear virus family, which is renowned for its intricate anti-analysis skills and regularly revised loaders, downloaders, and communication protocols by developers.
The most recent version, Deuterbear, uses more elaborate evasion strategies that necessitate a detailed examination of this multifaceted malware weapons stockpile, which is used for spying, especially in the Asia Pacific region.
Waterbear And Deuterbear Tools
Since 2009, Waterbear has undergone more than ten versions, with developers continuously working on infection processes until the time when a successful compromise was achieved which resulted in multiple coexistence of these versions among victims.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .
It is important to note that some Waterbear downloaders use internal IP addresses as their C&C servers, which suggests that they know the target networks deeply and use multilayer jump servers to persist stealthily and control compromised environments, according to the report.
The fact that these sophisticated techniques are designed for evasion and longevity reflects the advanced nature of these attacks as well as the determined efforts of the threat actors behind this constantly changing malware family.
Deuterbear is the latest Waterbear downloader variant which was active since 2022 and represents a distinct malware entity separate from the original Waterbear downloader category.
This classification originates from significant updates to its decryption flow and configuration structure, marking a notable evolution in the malware’s capabilities.
Here below, we have mentioned all the key differences between the Deuterbear downloader and the Waterbear downloader:-
Comparison (Source – Trend Micro)
The Earth Hundun group has been incessantly transforming Waterbear into a more advanced version known as Deuterbear since 2009.
Using HTTPS encryption, debugger/sandbox checks, changed decryption, and updated protocols makes Deuterbear the most recent in sophistication infection methods and anti-analysis mechanisms.
Earth Hundun still penetrates Asia-Pacific targets despite these defenses, with an ever-improving Waterbear that poses considerable difficulties.