The United States government has released information about malware used by Chinese state-sponsored threat actors. Their targets have mostly been corporations, governments and research institutes.
The Chinese-built malware is not new to our cyber space; it has been around for more than a decade, compromising systems since 2008.
Four samples of the Taidoor RAT have been posted publicly to VirusTotal so that other antivirus vendors and malware researchers can analyze them.
In 2012, Trend Micro researchers found the malware being delivered through social-engineering emails with malicious attachments targeting the government of Taiwan.
Taidoor is not delivered by a dropper. Instead, it uses a downloader first, which then retrieves the actual payload from the internet.
NTT Security found and published evidence of the backdoor being used against Japanese organizations via Microsoft Word documents. Opening the malicious document lets the attacker take over the system and run arbitrary commands.
Taidoor is installed as a DLL and consists of two files. The first is the loader (ml.dll), which is started as a service; it decrypts the second file (svchost.dll) and runs it in memory. That second file is the RAT itself.
Taidoor performs all the traditional actions a RAT can perform, and the threat actors use proxy servers for persistence and further exploitation of the network.
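The loader chain above (a service-hosted DLL that decrypts and runs a second DLL in memory) leaves a footprint in the service configuration: a ServiceDll whose name matches the files named in this post, or one loaded from outside the Windows system directories. The following is an added detection example, not code from the original post or from any vendor report; the service entries are constructed sample data, and the field layout and service names are assumptions for illustration.

```python
"""Flag Windows service entries that resemble the Taidoor loader chain.

The two DLL names (ml.dll, svchost.dll) come from the write-up above. Everything
else (the ServiceEntry layout and the sample entries) is constructed for this
example and is not real telemetry.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# DLL names associated with the Taidoor loader and payload (from the post).
SUSPECT_DLL_NAMES = {"ml.dll", "svchost.dll"}

# Directories from which a legitimate svchost-hosted ServiceDll is expected to load.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class ServiceEntry:
    """Hypothetical, flattened view of one service's registry configuration."""
    name: str
    image_path: str
    service_dll: Optional[str]  # Parameters\ServiceDll, if the service is DLL-hosted


def is_trusted_dir(path: str) -> bool:
    """True when the file's parent directory is System32 or SysWOW64 (case-insensitive)."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in TRUSTED_DIRS)


def assess(entry: ServiceEntry) -> List[str]:
    """Return the reasons an entry looks like the loader chain, or [] if it looks clean."""
    reasons: List[str] = []
    if not entry.service_dll:
        return reasons  # executable-hosted service; not the pattern described here
    dll = PureWindowsPath(entry.service_dll)
    if dll.name.lower() in SUSPECT_DLL_NAMES:
        # Note: the legitimate service host is svchost.exe; a DLL named svchost.dll is itself odd.
        reasons.append(f"ServiceDll name {dll.name} matches a Taidoor loader/payload file name")
    if not is_trusted_dir(entry.service_dll):
        reasons.append("ServiceDll loaded from outside System32/SysWOW64")
    return reasons


def find_suspicious(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> reasons for every entry that triggers at least one rule."""
    result: Dict[str, List[str]] = {}
    for entry in entries:
        reasons = assess(entry)
        if reasons:
            result[entry.name] = reasons
    return result


# Constructed sample: two benign entries and two that mimic the loader chain.
SAMPLE_SERVICES = [
    ServiceEntry("Dnscache", r"C:\Windows\System32\svchost.exe -k NetworkService",
                 r"C:\Windows\System32\dnsrslvr.dll"),
    ServiceEntry("Spooler", r"C:\Windows\System32\spoolsv.exe", None),
    ServiceEntry("WinMgmtHlp", r"C:\Windows\System32\svchost.exe -k netsvcs",
                 r"C:\Windows\System32\ml.dll"),
    ServiceEntry("UpdSvc", r"C:\Windows\System32\svchost.exe -k netsvcs",
                 r"C:\ProgramData\Update\svchost.dll"),
]

if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_SERVICES).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Only the DLL-hosted entries are examined, because that is the persistence shape the post describes; a real sweep would read each service's Parameters\ServiceDll value from the registry and feed it into the same assess() function, and would treat a name match inside System32 (like the ml.dll entry above) as worth a hash lookup rather than an automatic verdict.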
It is advised and recommended that all users keep their operating system and patches up to date, disable unneeded file-sharing services, implement a strong password policy, and take extreme caution when handling email.
Hope everyone is safe and secure.
See you again in another blog.
Sam Nivethan V J
Security Analyst & Trainer