Security News > 2020 > August > Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, some have their doubts

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan against Western organisations, according to US authorities.

Taidoor is said by the Americans to be sponsored by the Chinese government, with their aim being "To maintain a presence on victim networks and to further network exploitation".

Ben Read, a senior analyst at FireEye-owned Mandiant Threat Intelligence told The Register that the Taidoor malware had been "Used extensively by multiple Chinese groups including APT 24 in the last 12 years," adding that "Its use has declined in the past few years."

He continued: "These malware samples [from CISA] appear to be straightforward variants of Taidoor. Taidoor is a backdoor that can execute commands, exfiltrate information or download additional payloads onto a victim machine. We have also seen Taidoor attached to spearphishing emails. Some of the targets which Taidoor was used against include law firms, nuclear power suppliers, aerospace, governments in East Asia, defense industrial base and engineering firms."

Trend Micro published an analysis of the Taidoor malware's C2 traffic eight years ago, noting that it "Primarily targeted government organisations located in Taiwan".

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/04/taidoor_malware_us_cisa_china/