The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks.
“The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government.” reads the US CISA alert.
“CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1, U.S. Cyber Command’s VirusTotal page, and CISA’s Chinese Malicious Cyber Activity page for more information.”
The U.S. Cyber Command has also uploaded four TAIDOOR samples to the repository VirusTotal.
US government agencies published the Malware Analysis Report MAR-10292089-1.v1 (AR20-216A) that includes technical details of the malicious code, such as indicators of compromise (IOCs) and YARA rules for each of sample analyzed by the experts.
“FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.” reads Malware Analysis Report MAR-10292089-1.v1.
“This MAR includes suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.”
In July, US Justice Department accused two Chinese hackers of stealing trade secrets from companies worldwide and targeting firms developing a COVID-19 vaccine. In May, the FBI and CISA also warned cyber attacks coordinated by Beijing and attempting to steal COVID-19 information from US health care, pharmaceutical, and research industry sectors.
The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations:
(SecurityAffairs – hacking, Taidoor)