Expert Reaction On US govt exposing Chinese espionage malware

The Federal Bureau of Investigation (FBI) released information on malware variants referred to as TAIDOOR, used by Chinese government-sponsored hackers targeting government agencies and other corporations. Cybersecurity experts commented below.

Expert Comments

September 23, 2020
Karlo Zanki
Reverse Engineer
ReversingLabs
Taidoor is truly a persistent threat. Government-supported actors often develop malicious tools with the intention of using them to support long-lasting activity, and modify them regularly to remain undetectable. When organizations put a lot of effort into creating a complex tool such as Taidoor, which dates back to 2008, they tend to use it for very targeted attacks rather than massive campaigns. Unfortunately, this means that researchers often don't have many samples for analysis at their disposal. The new version of Taidoor described by CISA consists of two parts: a loader in DLL form, and a main RAT module that comes as RC4-encrypted binary data. The loader first decrypts the encrypted main RAT module, and then executes its exported Start function. The report provides two samples for both the loader and the main encrypted RAT module. These samples come with only two C2 domains and one C2 IP; however, ReversingLabs recently identified 23 related samples and 40 new C2 IPs and domains extracted from their configurations. Individuals and companies looking for an extended IOC list to bolster their defenses can find the data extracted from the newly discovered samples here:
https://blog.reversinglabs.com/hubfs/Blog/Taidoor_SHA1_list.txt
https://blog.reversinglabs.com/hubfs/Blog/Taidoor_C2_list.txt
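The loader behaviour described in the comment above (an RC4-encrypted blob that is decrypted and then executed as a PE module) is exactly the pattern an analyst reproduces on the bench to confirm a recovered key: decrypt the blob with each candidate key and check whether the result carries a valid DOS/PE header before going any further. The script below is an added example, not code from ReversingLabs, CISA, or the malware itself. The RC4 key, the candidate-key list, and the payload bytes are all constructed for the demo; the real key and samples are not on this page and are not reproduced here.

```python
"""Analyst helper: decrypt a candidate RC4-encrypted payload blob and check
whether the result is laid out like a Windows PE image (the 'MZ' DOS header
plus the 'PE\0\0' signature a loader would hand to an exported Start function).

Added example, not the ReversingLabs/CISA tooling. DEMO_KEY and the fake
payload are constructed for illustration only.
"""
import struct


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). RC4 is symmetric, so one routine encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob has a DOS header whose e_lfanew points at a 'PE\0\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def try_decrypt(candidate_keys, blob):
    """Return (key, plaintext) for the first candidate key that yields a PE image, else None."""
    for key in candidate_keys:
        plain = rc4(key, blob)
        if looks_like_pe(plain):
            return key, plain
    return None


def build_fake_pe() -> bytes:
    """Constructed stand-in for a payload: a DOS stub plus PE signature, not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew -> immediately after the DOS header
    return bytes(dos) + b"PE\0\0" + b"\x00" * 24  # truncated COFF header; enough for the check


# Constructed demo key; a real loader's key is recovered from the sample, not from here.
DEMO_KEY = b"example-demo-key"
ENCRYPTED_BLOB = rc4(DEMO_KEY, build_fake_pe())

if __name__ == "__main__":
    hit = try_decrypt([b"wrong-key", DEMO_KEY], ENCRYPTED_BLOB)
    print("recovered key:", hit[0] if hit else None)
```

The PE-header check is what makes candidate-key testing safe to automate: a wrong key produces bytes that fail the `MZ`/`PE\0\0` layout test, so nothing is written to disk or passed to a loader until the layout is confirmed. In practice the candidate keys come from static analysis of the loader DLL (string tables, constants near the decryption routine), and the decrypted module is handed to a disassembler, never executed outside a sandbox.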
August 06, 2020
Joseph Carson
Chief Security Scientist & Advisory CISO
Thycotic
When malware is out in the wild like Taidoor, it is difficult to trace it back to the attacker using it for malicious activities, such as remote access. Absolutely, it is highly likely that the origin of the malware is from China; however, since it has been around for almost 12 years, it is very likely that several governments, organized cybercrime, and mercenary criminal hackers have got hold of the malware and are also using it. One method that a government might use it for is a misdirection to create a scenario where it looks like China is behind a cyberattack when it is actually another attacker using a known malware such as Taidoor to hide their tracks and point to China as the origin.
August 06, 2020
Sam Curry
Chief Security Officer
Cybereason
The newest revelations regarding China's repeated attempts to steal IP from U.S.-based public and private organisations will result in a strong denial of involvement, as their talking points always include something about how shocked they are and that as a nation they aren't involved in espionage or nation-state hacking. In reality, it's a game of 'Xi said,' 'she said' with China looking to distance itself from damning evidence, while at the same time they are ramping up their efforts to embarrass the U.S. by hacking into networks and stealing gov't secrets, manufacturing designs, research statistics, and patent-pending vaccines and anything else not kept away from their snooping eyes. In addition, cyber-attacks in a time of pandemic on government entities, healthcare companies, and research infrastructure are diabolical. In any other theater besides cyber, they would be a clear act of war and subject to diplomatic, economic, and potentially military reprisals. Some nation-states are treating the COVID crisis as a continuation of the age-old game of tit-for-tat, and it's shameful.