US Government Warns Public of Malware Linked to Chinese Government

The US government has issued an alert warning the public about malware that has been frequently seen over the last decade and is linked to the Chinese government.


Joint Malware Analysis Report

According to a report by Bloomberg, the alert was issued this Monday, August 3, by several federal agencies, including the Federal Bureau of Investigation (FBI), the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense.

According to the alert, the government has "identified a malware variant used by Chinese government cyber-actors, which is known as Taidoor," and the purpose of the alert is to "enable network defense and reduce exposure to Chinese government malicious cyber-activity."

Furthermore, the alert said that the FBI has "high confidence" that Chinese government actors use the malware variants together with proxy servers to maintain a presence on victim networks and to further exploit them.

The Malware Analysis Report (MAR) also includes suggestions from the authorities regarding suitable response actions and mitigation techniques.

Nevertheless, the malware alert did not say who the malware has targeted or how prevalent it is.

Spotted in the Wild Since 2008

According to an unnamed US Cyber Command official, security researchers have seen this type of malware since 2008, but the Chinese government allegedly continues to use it to gain intelligence in ongoing espionage.

Additionally, cybersecurity firms CrowdStrike and FireEye Inc. have also seen the Taidoor malware used by several groups based in China to attack the US as well as other countries in Asia.

However, the firms report that there's been a recent decline in the malware's use.

Ben Read, a senior manager of analysis at FireEye, said that in the past, the Taidoor malware was frequently delivered through spear-phishing attacks that attackers used to gain access to victims' systems.

The firms also claimed that this type of malware had been used to attack several sectors, including airlines, law, the defense industrial base, nuclear power, engineering, technology, the government, and aerospace.

After the alert was sent out, Florian Roth, a malware analyst at Nextron Systems, said that he had detected Taidoor samples in the past, with the most recent detection in March 2019.

However, the malware has been going by the name Taurus RAT.

Previous Joint Reports

According to a report by ZDNet, this is not the first time the FBI, the Department of Defense's Cyber Command (CyberCom), and the DHS CISA have worked together to release malware reports.

The agencies' first joint alert was sent out earlier this year, in February. It covered six new malware strains that were developed by North Korea's state-sponsored hackers and were being distributed via a North Korean phishing campaign.

According to the malware report, CyberCom believes North Korean hackers use the malware to access infected systems remotely and steal funds from the victims, which are transferred to the country at a later date to avoid economic sanctions.

The malware samples have been identified as SLICKSHOES, ARTFULPIE, BISTROMATH, BUFFETLINE, CROWDEDFLOUNDER, and HOTCROISSANT.

This article is owned by TechTimes

Written by: Nhx Tingson
