This year, Japan Security Analyst Conference 2025 (JSAC2025) will be held on Jan. 21-22 with virtual & onsite talks. This annual cyber security conference hosted by JPCERT/CC, aimed to bring together security analysts and provide opportunities for them to share technical knowledge related to incident response and analysis.
TeamT5 will have one session during the event. Our CTI Researcher Yi-Chin Chuang and Yu-Tung Chang will give a speech on “Evolution of Huapi Malware: Growing Focus on Edge Devices '' at 13:30-14:10, Jan. 21.
About Speech
Huapi (aka BlackTech) is a China-nexus APT group that has been active for over a decade. In line with their ongoing threat landscape, this presentation offers an in-depth analysis of the evolution of Huapi’s malware, focusing on their increasing emphasis on targeting edge devices. We will examine three specific malware used by Huapi: SSHTD (aka ELF_PLEAD), Mabackdoor (aka Hipid), and Bifrost, detailing their evolution and technical characteristics. The analysis will cover incidents from 2022 to 2024 that targeted Taiwan and Japan. We will discuss the infection chains, such as the exploitation of the F5 vulnerability, as well as the execution flows of the malware. Our analysis will highlight recent updates to the malware, illustrating how these changes reflect Huapi’s evolving tactics, particularly their growing focus on edge devices. Additionally, we will outline Huapi’s C&C communication chain and provide an overview of their C&C infrastructure. Finally, we will conclude with recommended countermeasures and mitigation strategies.
About JSAC 2025
- Time: Jan. 21-22, 2025
- Venue: Ochanomizu Sora City Conference CenterAkasaka Intercity Conference Center, Tokyo, Japan
Cyber attacks occur on a daily basis, and its techniques have been constantly changing. Engineers who analyze and respond to them are required to improve their skills to keep up with the ever-changing techniques of cyber attacks. However, there are few occasions in Japan where techniques and knowledge of incident analysis and response are shared among engineers. Security analysts are expected to get together and exchange their technical expertise on incident handling to develop their strength against cyber attacks both individually and as a whole.
To achieve this goal, JPCERT/CC hosts Japan Security Analyst Conference (JSAC), the annual conference for exchanging technical information on cyber security incident analysis and response. In this conference, security analysts who handle security incidents on a daily basis are encouraged to share information with each other to deal with ever-evolving cyber attacks today and in the future.
*Image courtesy of JSAC