Saturday, May 24, 2025
HomeMalwareUS GOV Exposes Chinese Espionage Malware "TAIDOOR" Secretly Used To For...

US GOV Exposes Chinese Espionage Malware “TAIDOOR” Secretly Used To For a Decade

Published on

SIEM as a Service

Follow Us on Google News

Recently, the U.S. government exposed Chinese surveillance malware “TAIDOOR” that are secretly used by the Chinese government for a decade.

There has been a joint notice on TAIDOOR that has been revealed by the cybersecurity department of Homeland security (DHS) and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI) and the Department of Defense’s Cyber Command (CyberCom). 

All have claimed that a recent security breach has been detected, and in this event, the hacker who has been identified belongs to China; and TAIDOOR is a code that is generally used by VirusTotal.  

- Advertisement - Google News

Apart from this, there is a very high possibility that Chinese government actors are practicing malware alternatives in association with different proxy servers to keep an appearance on victim networks and to advance network exploitation further. 

The U.S. CYBERCOM command tweeted that China’s TAIDOOR malware has been negotiating systems since 2008. This malware is generally used against government agencies, corporations, and think tanks, mostly ones with interest in Taiwan.

“FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.”

TAIDOOR – A Malware Used By The Chinese Govt.

TAIDOOR is in use since 2008, but its previous variant has been detected in the year of 2012 and 2013. Recently, the three U.S. government agencies have declared that they’ve spotted TAIDOOR is being used in new attacks. 

TAIDOOR is generally used to install different malware together with the proxy servers so that they can hide the actual source of the malware’s operator.

This new malware named TAIDOOR has variants for 32- and 64-bit systems and is fitted on a victim’s systems as assistance with the name of the dynamic link library (DLL). 

This DLL includes two other files; the initial file is a loader, which is inaugurated as a service. The work of the loader is to decrypt the second file and put it in memory, which is the center that is Remote Access Trojan (RAT). 

Once they install the RAT, this service enables the threat actors to gain access to the infected systems and exfiltrate data or install other malware.

CISA recommendations

The three U.S. government agencies have declared a joint malware analysis report (MAR), it suggested some moderation methods, and here are the recommendations offered by CISA:-

  • Always keep the patches of the OS up-to-date.
  • Reduce the File and Printer sharing services.
  • Keep up-to-date the antivirus Software
  • Implement a secure password system and perform periodic password changes.
  • Restrain users’ ability to install and run undesired software applications.
  • Allow an individual firewall on agency workstations, and configure it to reject all undesirable connection requests.
  • Scan all software downloaded from the internet preceding to execute.
  • Manage situational perception of the most advanced threats and perform proper Access Control Lists (ACLs).

The U.S. Cyber Command has also revealed four samples of the recently identified RAT malware alternatives onto the VirusTotal malware aggregation repository. But, CISA affirmed users to perform the recommended steps carefully so that they can keep their system network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

GenAI Assistant DIANNA Uncovers New Obfuscated Malware

Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This...

New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data

A disturbing new formjacking malware has emerged, specifically targeting WooCommerce-based e-commerce sites to steal...