The US government issued an alert on Monday that a type of malware seen frequently by security researchers in the last decade is tied to the Chinese government, the latest in a series of American warnings about China’s cyber capabilities this summer.
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and the Department of Defense “identified a malware variant used by Chinese government cyber-actors, which is known as Taidoor,” according to the alert. The purpose of the alert, which contained no information about the prevalence of the malware or who has been targeted, is to “enable network defense and reduce exposure to Chinese government malicious cyber-activity.”
While this type of malware has been used since 2008, the Chinese government continues to leverage it in ongoing espionage to gain intelligence, according to a US Cyber Command official, who requested anonymity as is the agency’s policy.
The cybersecurity firms FireEye Inc. and CrowdStrike have seen Taidoor malware used by multiple China-based groups targeting the US and Asia but have observed a recent decline in its use.
In the past, the malware has hit sectors including law, nuclear power, airlines, engineering, the defense industrial base, technology, government and aerospace, according to the cybersecurity firms. It’s commonly delivered in spearphishing attacks and used to gain access to systems, said Ben Read, a senior manager of analysis at FireEye.
The government’s decision to publicly connect Taidoor to China comes as President Donald J. Trump plans to order China’s ByteDance Ltd. to divest its ownership of the music-video app TikTok amid a US investigation of potential national security risks. In May, the US warned organizations researching coronavirus of “likely targeting and attempted network compromise” by China.
Bloomberg News