Three agencies of the US government, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and the Federal Bureau of Investigation (FBI), have published a joint alert on Taidoor, a strain of malware that has been used in recent security breaches by Chinese government hackers.
The three agencies have started collaborating recently on releasing joint reports about new malware threats. Their most recent joint alert warns about the new Chinese malware.
The new malware called Taidoor has versions for 32- and 64-bit systems and is installed on a victim’s systems as a service dynamic link library (DLL). This DLL contains two other files.
The first file is a loader, which is started as a service. The loader decrypts the second file, the main Remote Access Trojan (RAT), and executes it in memory.
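A defender-side check for the persistence mechanism just described, added here and not part of the alert or the MAR: it enumerates svchost-hosted services on a Windows host and lists those whose ServiceDll sits outside the Windows directory or lacks a valid Authenticode signature. It assumes an elevated PowerShell session; the path and signature heuristics are my own triage rules, not indicators from the report.

```powershell
# Added hunting check (not from the joint alert or the MAR): find services that
# run as a DLL inside svchost and flag ServiceDll entries that live outside the
# Windows directory or are not validly signed. Treat hits as leads to review,
# not verdicts: many legitimate third-party services also register this way.

$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
$windir   = [Environment]::GetFolderPath('Windows')

foreach ($svc in $services) {
    # Service DLLs are registered under <service>\Parameters\ServiceDll.
    $params = Get-ItemProperty -Path (Join-Path $svc.PSPath 'Parameters') -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) { continue }

    # Values are often stored with %SystemRoot% and similar; expand before checking.
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)

    $inWindir = $dll.StartsWith($windir, [StringComparison]::OrdinalIgnoreCase)
    $exists   = Test-Path -LiteralPath $dll
    $sig      = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }

    if (-not $inWindir -or $sig -ne 'Valid') {
        [PSCustomObject]@{
            Service    = $svc.PSChildName
            ServiceDll = $dll
            InWindir   = $inWindir
            Signature  = $sig
        }
    }
}
```

Pipe the output to Export-Csv to compare against a known-good baseline of the same host or image; a DLL that is absent from the baseline and unsigned deserves a closer look.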
The Taidoor RAT then permits the Chinese hackers to access infected systems and exfiltrate data or deploy other malware.
Taidoor is usually deployed together with proxy servers to hide the true point of origin of the malware’s operator.
The joint alert introduces the cyber-security world to a new threat, but the malware has been around and silently deployed on victim networks for at least 12 years, since 2008.
A joint Malware Analysis Report (MAR) was published by the three agencies which contains mitigation techniques and suggested response actions for organizations that want to improve detection, prevent infections, or have been infected already and need to remove the malware from their systems.
Four samples of the Taidoor malware have been uploaded by US Cyber Command to the VirusTotal portal, from where cyber-security firms and independent malware analysts can download the files.
Image Credits: Masterhacks Blog