Taidoor Malware


Taidoor malware was notorious for compromising thousands of systems in 2008, with the bad actors haven deployed it on targeted networks for remote access.

According to the US intelligence agencies, there is a new variant of the 12-year-old computer virus which was employed by Chinese state-sponsored hackers to target other governments, corporations, and high net worth individuals.

The FBI believes that the Chinese government actors are now using the malware variants in conjunction with proxy servers to maintain a stealthy presence on targeted networks and exploitation; with the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) issuing a joint advisory.

How the Taidoor RAT is used to Target governments and corporations



Trend Micro researchers in 2012 analysis, claimed that the actors behind Taidoor leveraged socially engineered emails with malicious PDF attachments to target Taiwanese government.

While Taidoor is installed on targeted system as a service dynamic link library (DLL) with two files, with the first as a loader (ml.dll), which decrypts the second file (svchost.dll) and executes it in memory, serving as the main RAT (Remote Access Trojan).

Another cybersecurity outfit, FireEye also noted significant changes in their tactics in 2013, whereby the malicious email attachments didn't come with the Taidoor malware, but instead dropped a 'downloader' that could grab the malware remotely. Now, the latest advisory has it that the tactics of using decoy documents with malicious attachments is still used by the actors.

How to Mitigate against Taidoor Malware



The US Cybersecurity and Infrastructure Security Agency (CISA) recommends that network administrators should keep their operating system patches up-to-date, disable any file and printer sharing service, and exercise caution on opening email attachments.

Also, CISA encourages users to report on its official site any suspicious activity, including possible malicious activities, security incidents, software vulnerabilities, and phishing-related scams.

Taidoor Malware: US warns of a new strain of the Chinese 'Taidoor' Virus

Taidoor Malware


Taidoor malware was notorious for compromising thousands of systems in 2008, with the bad actors haven deployed it on targeted networks for remote access.

According to the US intelligence agencies, there is a new variant of the 12-year-old computer virus which was employed by Chinese state-sponsored hackers to target other governments, corporations, and high net worth individuals.

The FBI believes that the Chinese government actors are now using the malware variants in conjunction with proxy servers to maintain a stealthy presence on targeted networks and exploitation; with the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) issuing a joint advisory.

How the Taidoor RAT is used to Target governments and corporations



Trend Micro researchers in 2012 analysis, claimed that the actors behind Taidoor leveraged socially engineered emails with malicious PDF attachments to target Taiwanese government.

While Taidoor is installed on targeted system as a service dynamic link library (DLL) with two files, with the first as a loader (ml.dll), which decrypts the second file (svchost.dll) and executes it in memory, serving as the main RAT (Remote Access Trojan).

Another cybersecurity outfit, FireEye also noted significant changes in their tactics in 2013, whereby the malicious email attachments didn't come with the Taidoor malware, but instead dropped a 'downloader' that could grab the malware remotely. Now, the latest advisory has it that the tactics of using decoy documents with malicious attachments is still used by the actors.

How to Mitigate against Taidoor Malware



The US Cybersecurity and Infrastructure Security Agency (CISA) recommends that network administrators should keep their operating system patches up-to-date, disable any file and printer sharing service, and exercise caution on opening email attachments.

Also, CISA encourages users to report on its official site any suspicious activity, including possible malicious activities, security incidents, software vulnerabilities, and phishing-related scams.

No comments