Expert Comments

Expert Reaction On US govt exposing Chinese espionage malware

Expert(s): Security Experts
Expert(s): Security Experts

The Federal Bureau of Investigation (FBI) released information on malware variants referred to as TAIDOOR used by the  Chinese government-sponsored hackers targeting government agencies and other cooperations. Cybersecurity experts commented below.

Experts Comments

Dot Your Expert Comments
Karlo Zanki
September 23, 2020
Reverse Engineer
ReversingLabs

New Taidoor RAT samples and C2 IPs and domains have been identified, allowing organizations to bolster defenses with an extended IOC list.
Taidoor is truly a persistent threat. Government-supported actors often develop malicious tools with the intention of using them to support long-lasting activity, and modify them regularly to remain undetectable. When organizations put a lot of effort into creating a complex tool such as Taidoor, which dates back to 2008, they tend to use it for very targeted attacks rather than massive campaigns. Unfortunately, this means that researchers often don't have many samples for analysis at their.....Read More
Taidoor is truly a persistent threat. Government-supported actors often develop malicious tools with the intention of using them to support long-lasting activity, and modify them regularly to remain undetectable. When organizations put a lot of effort into creating a complex tool such as Taidoor, which dates back to 2008, they tend to use it for very targeted attacks rather than massive campaigns. Unfortunately, this means that researchers often don't have many samples for analysis at their disposal. The new version of Taidoor described by CISA consists of two parts - a loader in a DLL form, and a main RAT module that comes as RC4-encrypted binary data. The loader first decrypts the encrypted main RAT module, and then executes its exported Start function. The report provides two samples for both the loader and the main encrypted RAT module. These samples come with only two C2 domains and one C2 IP, however ReversingLabs recently identified 23 related samples and 40 new C2 IPs and domains extracted from their configurations. Individuals and companies looking for an extended IOC list to bolster their defenses can find the data extracted from the newly discovered samples here: https://blog.reversinglabs.com/hubfs/Blog/Taidoor_SHA1_list.txt https://blog.reversinglabs.com/hubfs/Blog/Taidoor_C2_list.txt  Read Less
Joseph Carson
August 06, 2020
Chief Security Scientist & Advisory CISO
Thycotic

One method that a government might use it for is a misdirection to create a scenario where it looks like China is behind a cyberattack.
When malware is out in the wild like Taidoor, it is difficult to trace it back to the attacker using it for malicious activities, such as remote access. Absolutely, it is highly likely that the origin of the malware is from China however since it has been around for almost 12 years it is very likely that several governments, organized cybercrime, and mercenary criminal hackers have got hold of the malware and are also using it. One method that a government might use it for is a misdirection to.....Read More
When malware is out in the wild like Taidoor, it is difficult to trace it back to the attacker using it for malicious activities, such as remote access. Absolutely, it is highly likely that the origin of the malware is from China however since it has been around for almost 12 years it is very likely that several governments, organized cybercrime, and mercenary criminal hackers have got hold of the malware and are also using it. One method that a government might use it for is a misdirection to create a scenario where it looks like China is behind a cyberattack when it is actually another attacker using a known malware such a Taidoor to hide their tracks and point to China as the origin.  Read Less
Sam Curry
August 06, 2020
Chief Security Officer
Cybereason

In any other theater besides cyber, they would be a clear act of war and subject to diplomatic, economic, and potentially military reprisals.
The newest revelations regarding China's repeated attempts to steal IP from U.S. based public and private organisations will result in a strong denial of involvement, as their talking points always include something about how shocked they are and that as a nation aren't involved in espionage or nation-state hacking. In reality, it's a game of 'Xi said,' 'she said' with China looking to distance itself from damning evidence, while at the same they ramping up their efforts to embarrass the U.S......Read More
The newest revelations regarding China's repeated attempts to steal IP from U.S. based public and private organisations will result in a strong denial of involvement, as their talking points always include something about how shocked they are and that as a nation aren't involved in espionage or nation-state hacking. In reality, it's a game of 'Xi said,' 'she said' with China looking to distance itself from damning evidence, while at the same they ramping up their efforts to embarrass the U.S. by hacking into networks and stealing gov't secrets, manufacturing designs, research statistics, and patent-pending vaccines and anything else not kept away from their snooping eyes. In addition, cyber-attacks in a time of pandemic on government entities, healthcare companies, and research infrastructure are diabolical. In any other theater besides cyber, they would be a clear act of war and subject to diplomatic, economic, and potentially military reprisals. Some nation-states are treating the COVID crisis as a continuation of the age-old game of tit-for-tat, and it’s shameful.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

UK Minister Raab Wakes Up to Aggressive Cyber-Attacks Targeting British...

~200K US Military Vets’ Medical Records Leaked by 3rd Pty...

Experts Responses on Verizon DBiR Findings

Expert Reaction On Researcher Proves AirTags Can Be Hacked

Babuk Ransomware Gang Again Threatens DC Police Data Release

UK Home Secretary Warns Not To Pay Out To Ransomware...

U.S. Issues Ransomware Advice For Critical Infrastructure

Android Banking Trojan- Experts Insight

TeaBot Android Bank Trojan Steals EU User Credentials

NCSC Active Cyber Defence Fourth Year Report