Original Release Date: 7/23/2020
The FBI seeks to inform US companies in the healthcare, chemical, and finance sectors of potential targeting activity by the Chinese government against their business and operational components based in China. As early as March 2019, at least two Western companies operating in China detected malware that was delivered through Chinese vendors that were responsible for releasing tax software upgrades following changes in 2018 to China’s value-added tax (VAT). The malware launched a backdoor into victim systems, which the FBI assesses likely allows cyber actors to preposition to conduct remote code execution and exfiltration activities on the victim’s network.
This FBI FLASH contains an overview of the threat, indicators of compromise, and recommended mitigation measures, and is being provided to help cyber security professionals and system administrators guard against the persistent malicious actions of cyber actors.
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form.
Please do not hesitate to contact us at njccic@cyber.nj.gov with any questions.