New Malware Backdoor Discovered - Analyzing the Reach of Chinese Hacker Groups

China-based hacker groups have been busy making the headlines, mostly regarding cyber espionage campaigns. 

What’s going on?

A new variant of a 12-year-old malware family has been spotted by U.S. intelligence agencies. Dubbed Taidoor, the malware has been compromising systems since 2008, with threat actors deploying it for remote access without being detected. Apart from executing remote commands, this strain collects file system data, captures screenshots, and carries out the steps needed to exfiltrate the collected information.

This is not the only one

  • The GoldenSpy backdoor trojan was discovered in the official tax software of a Chinese bank, which western enterprises were being forced to install. However, it is still unclear whether this was the work of Chinese intelligence or of hackers seeking financial gain.
  • Last month, a cybersecurity firm stated that RedDelta, a state-sponsored Chinese hacker group, had penetrated computer networks in the Vatican ahead of negotiations between Beijing and the Catholic Church.
  • In July, U.S. officials accused China of sponsoring cybercriminals targeting firms researching coronavirus treatments and vaccines.
  • In May, Naikon, a Chinese hacker group, was spotted conducting a five-year cyber espionage campaign against Asia Pacific countries. The group targeted science & technology and foreign affairs ministries, along with government-owned companies, to collect geopolitical intelligence.

What are the motives?

  • The state-sponsored actors are attempting to profit from the global crisis and steal information that could economically benefit the nation.
  • These attacks are often conducted to gain information about their targets, or to gain access to targets through relationships with a third party.

Cyber espionage is becoming increasingly aggressive. How to stay safe?

  • Leverage threat intelligence to improve detection of the latest attack tactics and techniques.
  • Ensure that all organizational software is patched and up to date.
  • Secure DDoS protection that does not depend on static signatures but can identify and mitigate zero-day attacks.
  • Educate the workforce on the different types of cyber attacks and on best practices. Use multi-factor authentication.
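The first recommendation above, using threat intelligence to improve detection, is easier to act on with a concrete workflow. The following added example (not code from the original article or from any vendor named in it) takes a small indicator feed and sweeps it across proxy, DNS and endpoint log lines, then summarizes which internal hosts touched which campaign's indicators. Every indicator, hostname, hash and log line here is constructed for illustration; none is a real Taidoor or other campaign indicator, and the `key=value` log format is an assumption of the example.

```python
"""Added example: sweeping a threat-intelligence feed across local logs.

All indicators and log lines are constructed placeholders, not real IoCs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed feed: (indicator type, value, campaign label).
# 203.0.113.0/24 is a documentation range; the hash is a placeholder.
THREAT_INTEL = [
    ("domain", "update-check.example-bad.test", "constructed-campaign-A"),
    ("ip", "203.0.113.45", "constructed-campaign-A"),
    ("sha256", "d" * 64, "constructed-campaign-B"),
]

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOGS = [
    "2020-08-10T09:12:01Z proxy src=10.0.0.12 dst=203.0.113.45 url=http://update-check.example-bad.test/ping",
    "2020-08-10T09:12:05Z dns client=10.0.0.12 query=update-check.example-bad.test",
    "2020-08-10T09:13:10Z proxy src=10.0.0.15 dst=198.51.100.7 url=http://intranet.corp.local/",
    "2020-08-10T09:14:22Z edr host=ws-15 file=C:\\Users\\a\\svchost.exe sha256=" + "d" * 64,
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator_type: str
    indicator: str
    campaign: str


def build_matchers(feed):
    """Compile one regex per indicator, bounded so that partial overlaps
    (e.g. 203.0.113.45 inside 203.0.113.450) do not count as matches."""
    matchers = []
    for itype, value, campaign in feed:
        pattern = re.compile(
            r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])", re.IGNORECASE
        )
        matchers.append((itype, value, campaign, pattern))
    return matchers


def scan_logs(lines, feed=THREAT_INTEL):
    """Return every (line, indicator) pair where an indicator appears in a log line."""
    matchers = build_matchers(feed)
    hits = []
    for n, line in enumerate(lines, start=1):
        for itype, value, campaign, pattern in matchers:
            if pattern.search(line):
                hits.append(Hit(n, itype, value, campaign))
    return hits


_SOURCE_RE = re.compile(r"\b(?:src|client|host)=(\S+)")


def source_of(line):
    """Pull the internal source (src=, client= or host=) out of a log line."""
    m = _SOURCE_RE.search(line)
    return m.group(1) if m else None


def summarize(lines, feed=THREAT_INTEL):
    """Map each campaign to the sorted list of internal sources that touched it.
    This is the triage view: which hosts need a closer look, grouped by campaign."""
    by_campaign = defaultdict(set)
    for hit in scan_logs(lines, feed):
        src = source_of(lines[hit.line_no - 1])
        if src:
            by_campaign[hit.campaign].add(src)
    return {c: sorted(s) for c, s in by_campaign.items()}


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.indicator_type} {hit.indicator} ({hit.campaign})")
    print(summarize(SAMPLE_LOGS))
```

In practice the feed would be loaded from a vendor or ISAC export rather than a list literal, and the output would go to a ticket or SIEM alert rather than stdout; the bounded-match regex matters because naive substring checks on IP and domain indicators produce false positives on longer neighbours.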

Final words

The bottom line is that state-sponsored attacks are a highly rewarding way to conduct military and espionage operations. Given this, Chinese hackers seem to have mastered the art of staying undetected while carrying out covert operations on victims’ systems across the world. Thus, organizations need to take ownership of their cybersecurity hygiene and protect themselves from exploitation.