CISA, FBI and DoD issue alert on TAIDOOR, new Chinese malware variant
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred to as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.
"Remote Access Trojans (RATs) are an insidious set of attacker tools that invade our systems, data and privacy," says Matt Walmsley, EMEA Director at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers. "With so much legitimate remote access happening across our networks and hosts, there’s plenty of opportunity for RATs to operate undiscovered for extended periods as they hide in plain sight. They are a particularly useful tool for nation state level threat actors who want to perform extended reconnaissance and maintain a point of persistence inside target organizations. That certainly seems to be the case here with activity being linked back to China from 2008."