The Situation
On 9 February 2021, Palo Alto's threat intelligence team Unit 42 disclosed the discovery of BendyBear, a highly sophisticated cyber espionage tool. BendyBear is alleged to share code behaviour and features with the WaterBear malware family, which was used by the cyber espionage group BlackTech. BendyBear is an updated version designed to work with modern 64-bit systems. It uses anti-forensic techniques, and its malicious payload is loaded in memory, making it challenging to detect. Its main function is to download additional malicious payloads from an attacker-controlled command and control (C2) server.
Our Commitment
We expect more updates on BendyBear, and will continue to keep a close watch and provide relevant insights and recommendations to the community. Throughout this festive period, Ensign continues to be available to clients who require assistance on any cyber-related matters.
Our Actions
Ensuring our customers are secured - Security of our clients is key
Enhanced Monitoring
Our Recommendations
We are expecting additional IOCs and TTPs to be uncovered. We will continue to provide updates on the incident and inform you as additional information becomes available.
If you suspect that you could have been affected by the malware, you can contact us for digital forensic and incident response services. You can take preemptive measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at marketing@ensigninfosecurity.com for more information.