US GOV Exposes Chinese Espionage Malware “TAIDOOR” Secretly Used To For a Decade

Recently, the U.S. government exposed Chinese surveillance malware “TAIDOOR” that are secretly used by the Chinese government for a decade.

There has been a joint notice on TAIDOOR that has been revealed by the cybersecurity department of Homeland security (DHS) and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI) and the Department of Defense’s Cyber Command (CyberCom). 

All have claimed that a recent security breach has been detected, and in this event, the hacker who has been identified belongs to China; and TAIDOOR is a code that is generally used by VirusTotal.  

Apart from this, there is a very high possibility that Chinese government actors are practicing malware alternatives in association with different proxy servers to keep an appearance on victim networks and to advance network exploitation further. 

The U.S. CYBERCOM command tweeted that China’s TAIDOOR malware has been negotiating systems since 2008. This malware is generally used against government agencies, corporations, and think tanks, mostly ones with interest in Taiwan.

“FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.”

TAIDOOR – A Malware Used By The Chinese Govt.

TAIDOOR is in use since 2008, but its previous variant has been detected in the year of 2012 and 2013. Recently, the three U.S. government agencies have declared that they’ve spotted TAIDOOR is being used in new attacks. 

TAIDOOR is generally used to install different malware together with the proxy servers so that they can hide the actual source of the malware’s operator.

This new malware named TAIDOOR has variants for 32- and 64-bit systems and is fitted on a victim’s systems as assistance with the name of the dynamic link library (DLL). 

This DLL includes two other files; the initial file is a loader, which is inaugurated as a service. The work of the loader is to decrypt the second file and put it in memory, which is the center that is Remote Access Trojan (RAT). 

Once they install the RAT, this service enables the threat actors to gain access to the infected systems and exfiltrate data or install other malware.

CISA recommendations

The three U.S. government agencies have declared a joint malware analysis report (MAR), it suggested some moderation methods, and here are the recommendations offered by CISA:-

  • Always keep the patches of the OS up-to-date.
  • Reduce the File and Printer sharing services.
  • Keep up-to-date the antivirus Software.
  • Implement a secure password system and perform periodic password changes.
  • Restrain users’ ability to install and run undesired software applications.
  • Allow an individual firewall on agency workstations, and configure it to reject all undesirable connection requests.
  • Scan all software downloaded from the internet preceding to execute.
  • Manage situational perception of the most advanced threats and perform proper Access Control Lists (ACLs).

The U.S. Cyber Command has also revealed four samples of the recently identified RAT malware alternatives onto the VirusTotal malware aggregation repository. But, CISA affirmed users to perform the recommended steps carefully so that they can keep their system network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Tags: Malware

Recent Posts

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes. The widespread use of GitHub and…

15 hours ago

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting malware through harmful sites, and flooding…

15 hours ago

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned…

16 hours ago

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS) attacks are actively exploited by hackers. …

16 hours ago

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to create graphical sessions on the system…

2 days ago

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6, introducing Kesakode, a remote hash lookup…

2 days ago