Saturday, December 9, 2023

US GOV Exposes Chinese Espionage Malware “TAIDOOR” Secretly Used To For a Decade

Recently, the U.S. government exposed Chinese surveillance malware “TAIDOOR” that are secretly used by the Chinese government for a decade.

There has been a joint notice on TAIDOOR that has been revealed by the cybersecurity department of Homeland security (DHS) and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI) and the Department of Defense’s Cyber Command (CyberCom). 

All have claimed that a recent security breach has been detected, and in this event, the hacker who has been identified belongs to China; and TAIDOOR is a code that is generally used by VirusTotal.  

Apart from this, there is a very high possibility that Chinese government actors are practicing malware alternatives in association with different proxy servers to keep an appearance on victim networks and to advance network exploitation further. 

The U.S. CYBERCOM command tweeted that China’s TAIDOOR malware has been negotiating systems since 2008. This malware is generally used against government agencies, corporations, and think tanks, mostly ones with interest in Taiwan.

“FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.”

TAIDOOR – A Malware Used By The Chinese Govt.

TAIDOOR is in use since 2008, but its previous variant has been detected in the year of 2012 and 2013. Recently, the three U.S. government agencies have declared that they’ve spotted TAIDOOR is being used in new attacks. 

TAIDOOR is generally used to install different malware together with the proxy servers so that they can hide the actual source of the malware’s operator.

This new malware named TAIDOOR has variants for 32- and 64-bit systems and is fitted on a victim’s systems as assistance with the name of the dynamic link library (DLL). 

This DLL includes two other files; the initial file is a loader, which is inaugurated as a service. The work of the loader is to decrypt the second file and put it in memory, which is the center that is Remote Access Trojan (RAT). 

Once they install the RAT, this service enables the threat actors to gain access to the infected systems and exfiltrate data or install other malware.

CISA recommendations

The three U.S. government agencies have declared a joint malware analysis report (MAR), it suggested some moderation methods, and here are the recommendations offered by CISA:-

  • Always keep the patches of the OS up-to-date.
  • Reduce the File and Printer sharing services.
  • Keep up-to-date the antivirus Software
  • Implement a secure password system and perform periodic password changes.
  • Restrain users’ ability to install and run undesired software applications.
  • Allow an individual firewall on agency workstations, and configure it to reject all undesirable connection requests.
  • Scan all software downloaded from the internet preceding to execute.
  • Manage situational perception of the most advanced threats and perform proper Access Control Lists (ACLs).

The U.S. Cyber Command has also revealed four samples of the recently identified RAT malware alternatives onto the VirusTotal malware aggregation repository. But, CISA affirmed users to perform the recommended steps carefully so that they can keep their system network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles