
Showing posts from December 15, 2019

Government Networks Attacked by BlackTech Hackers Group Using API Hooking Technique in Malware to Evade Detection

The cyberespionage group known as BlackTech, which is behind the Waterbear malware campaign that has targeted various industries for several years, has returned to attack government and technology companies. Researchers recently uncovered a brand-new Waterbear payload with a sophisticated capability to hide its network activity from a specific security product by means of API hooking. API hooking is a technique used to modify or hide the behaviour and flow of API calls in order to evade detection of the malware's activities at run time. If the attackers know which specific APIs to hook, it means they are familiar with how certain security products gather information on their clients' endpoints and networks. Researchers were excited to note that this is the first time Waterbear has been seen attempting to hide its backdoor activities, and that the attackers are very knowledgeable about the victim's environment.

Waterbear Malware Behaviour

There is some modular approach that was observed that the Waterbear e