Warning: This malware is tied to the Chinese government, U.S. says
The U.S. government issued an alert Monday that a type of malware seen frequently by security researchers in the last decade is tied to the Chinese government, the latest in a series of American warnings about China’s cyber capabilities this summer.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and the Department of Defense “identified a malware variant used by Chinese government cyber-actors, which is known as Taidoor,” according to the alert. The purpose of the alert, which contained no information about the prevalence of the malware or who has been targeted, is to “enable network defense and reduce exposure to Chinese government malicious cyber-activity.”
While this type of malware has been used since 2008, the Chinese government continues to leverage it in ongoing espionage to gain intelligence, according to a U.S. Cyber Command official, who requested anonymity as is the agency’s policy.
The cybersecurity firms FireEye Inc. and CrowdStrike have seen Taidoor malware used by multiple China-based groups targeting the U.S. and Asia but have observed a recent decline in its use.
In the past, the malware has hit sectors including law, nuclear power, airlines, engineering, the defense industrial base, technology, government and aerospace, according to the cybersecurity firms. It’s commonly delivered in spearphishing attacks and used to gain access to systems, said Ben Read, a senior manager of analysis at FireEye.
The government’s decision to publicly connect Taidoor to China comes as President Donald Trump plans to order China’s ByteDance Ltd. to divest its ownership of the music-video app TikTok amid a U.S. investigation of potential national security risks. In May, the U.S. warned organizations researching coronavirus of “likely targeting and attempted network compromise” by China.