Security News > 2020 > August > U.S. Attributes Taidoor Malware to Chinese Government Hackers

A malware analysis report published on Monday by the U.S. Department of Defense, the Cybersecurity and Infrastructure Security Agency, and the FBI officially attributes a piece of malware named Taidoor to threat actors sponsored by the Chinese government.
In 2013, FireEye published a report on Taidoor being used in cyber espionage campaigns aimed at government agencies, think tanks and companies, particularly ones with an interest in Taiwan.
While there was some evidence at the time suggesting that China was behind the attacks involving Taidoor, the U.S. government has now officially said that the malware, which it describes as a remote access trojan, is "Used by Chinese government cyber actors."
"FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation," the report reads.
The report published by the U.S. agencies includes technical details on how the malware works, as well as information that can be used by organizations to identify and block attacks involving Taidoor.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)