Tuesday, November 26, 2024
HomeMalwareUS GOV Exposes Chinese Espionage Malware "TAIDOOR" Secretly Used To For...

US GOV Exposes Chinese Espionage Malware “TAIDOOR” Secretly Used To For a Decade

Published on

Recently, the U.S. government exposed Chinese surveillance malware “TAIDOOR” that are secretly used by the Chinese government for a decade.

There has been a joint notice on TAIDOOR that has been revealed by the cybersecurity department of Homeland security (DHS) and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI) and the Department of Defense’s Cyber Command (CyberCom). 

All have claimed that a recent security breach has been detected, and in this event, the hacker who has been identified belongs to China; and TAIDOOR is a code that is generally used by VirusTotal.  

- Advertisement - SIEM as a Service

Apart from this, there is a very high possibility that Chinese government actors are practicing malware alternatives in association with different proxy servers to keep an appearance on victim networks and to advance network exploitation further. 

The U.S. CYBERCOM command tweeted that China’s TAIDOOR malware has been negotiating systems since 2008. This malware is generally used against government agencies, corporations, and think tanks, mostly ones with interest in Taiwan.

“FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.”

TAIDOOR – A Malware Used By The Chinese Govt.

TAIDOOR is in use since 2008, but its previous variant has been detected in the year of 2012 and 2013. Recently, the three U.S. government agencies have declared that they’ve spotted TAIDOOR is being used in new attacks. 

TAIDOOR is generally used to install different malware together with the proxy servers so that they can hide the actual source of the malware’s operator.

This new malware named TAIDOOR has variants for 32- and 64-bit systems and is fitted on a victim’s systems as assistance with the name of the dynamic link library (DLL). 

This DLL includes two other files; the initial file is a loader, which is inaugurated as a service. The work of the loader is to decrypt the second file and put it in memory, which is the center that is Remote Access Trojan (RAT). 

Once they install the RAT, this service enables the threat actors to gain access to the infected systems and exfiltrate data or install other malware.

CISA recommendations

The three U.S. government agencies have declared a joint malware analysis report (MAR), it suggested some moderation methods, and here are the recommendations offered by CISA:-

  • Always keep the patches of the OS up-to-date.
  • Reduce the File and Printer sharing services.
  • Keep up-to-date the antivirus Software
  • Implement a secure password system and perform periodic password changes.
  • Restrain users’ ability to install and run undesired software applications.
  • Allow an individual firewall on agency workstations, and configure it to reject all undesirable connection requests.
  • Scan all software downloaded from the internet preceding to execute.
  • Manage situational perception of the most advanced threats and perform proper Access Control Lists (ACLs).

The U.S. Cyber Command has also revealed four samples of the recently identified RAT malware alternatives onto the VirusTotal malware aggregation repository. But, CISA affirmed users to perform the recommended steps carefully so that they can keep their system network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk,...

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive...

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec,...

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive...

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...