"BlackTech Espionage Gang Adds to Malware Toolset"

BlackTech, an espionage group linked to China that is said to be more than a decade old, has updated its malware arsenal with new tools. According to researchers with PwC's threat intelligence team, BlackTech has been using a downloader called Flagpro and a backdoor called BTSDoor in recent spearphishing email attacks, suggesting the continued development of the threat group's toolset. The group previously relied on malware such as the TSCookie and PLEAD Remote Access Trojans (RATs) to carry out espionage. It has been around since 2010, but researchers have observed that since 2018 it has been developing new tools, including the Consock malware, the Waterbear loader, and different ELF variants of the TSCookie malware. BlackTech's main targets have been companies in Taiwan, but its targeting has expanded to organizations in Japan, Hong Kong, China, and the U.S. This article continues to discuss findings surrounding BlackTech's history, targets, attack chain, infrastructure, and exploits.

Duo Security reports "BlackTech Espionage Gang Adds to Malware Toolset"

Submitted by Anonymous on