Researchers have spotted a fresh Waterbear campaign in which Taiwanese government agencies have been targeted in sophisticated attacks.
According to CyCraft researchers, the attacks took place in April 2020, but in an interesting twist, the threat group responsible leveraged malware already present on compromised servers — due to past attacks — in order to deploy malware.
Waterbear has previously been associated with BlackTech, an advanced cyberattack group that generally attacks technology companies and government entities across Taiwan, Japan, and Hong Kong.
Trend Micro researchers say the modular malware is primarily “used for lateral movement, decrypting and triggering payloads with its loader component.” Last year, Waterbear captured interest in the cybersecurity industry after implementing API hooking to hide its activities by abusing security products.
In the latest wave, CyCraft says a vulnerability was exploited in a common and