Security News > 2020 > August > US Government Warns of a New Strain of Chinese 'Taidoor' Virus
"[The] FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation," the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Defense said in a joint advisory.
The US Cyber Command has also uploaded four samples of the Taidoor RAT on the public malware repository VirusTotal to let 50+ Antivirus companies check the virus's involvement in other unattributed campaigns.
In an analysis by Trend Micro researchers in 2012, the actors behind Taidoor were found to leverage socially engineered emails with malicious PDF attachments to target the Taiwanese government.
Calling it a "Constantly evolving, persistent threat," FireEye noted significant changes in its tactics in 2013, wherein "The malicious email attachments did not drop the Taidoor malware directly, but instead dropped a 'downloader' that then grabbed the traditional Taidoor malware from the Internet."
In addition to executing remote commands, Taidoor comes with features that allow it to collect file system data, capture screenshots, and carry out file operations necessary to exfiltrate the gathered information.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/WyH5HVBucA4/chinese-hacking-malware.html
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)