WASHINGTON • The US government has issued an alert that a type of malware seen frequently by security researchers in the last decade is tied to the Chinese government, the latest in a series of American warnings about China’s cyber capabilities this summer.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defence “identified a malware variant used by Chinese government cyber actors, which is known as Taidoor”, said the alert.
The alert, which contained no information about the prevalence of the malware or who has been targeted, said it is supposed to “enable network defence and reduce exposure to Chinese government malicious cyber activity”.
While this type of malware has been used since 2008, the Chinese government continues to leverage it in ongoing espionage to gain intelligence, according to a US Cyber Command official, who requested anonymity as is the agency’s policy.
Cyber-security firms FireEye and CrowdStrike have seen Taidoor malware used by multiple China-based groups targeting the United States and Asia but have observed a recent decline in its use.
In the past, the malware has hit various sectors, including law, nuclear power, airlines, engineering, defence industrial base, technology, government and aerospace, said the cyber-security firms.
It is commonly sent in spearphishing attacks and used to gain access to systems, said Mr Ben Read, a senior manager of analysis at FireEye.
Washington’s decision to publicly connect Taidoor to China comes as President Donald Trump plans to order Chinese tech company ByteDance to divest its ownership of the music-video app TikTok amid a US probe of potential national security risks.
In May, the US warned organisations researching the coronavirus of “likely targeting and attempted network compromise” by China.