Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, but others are less sure

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.


Joint analysis by the US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) reckoned that Taidoor's malware has been deployed onto target systems as a service DLL named svchost.dll.


Svchost is a regular Windows process; the trick of naming malicious files after legitimate ones to defy casual inspection is as old as the concept of malware itself.
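
A defender can check for this naming trick by listing every service's ServiceDll value and flagging any DLL that carries the name of the svchost host executable. The sketch below is an added example, not code from the CISA/FBI analysis or from this article; it assumes the input is saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll`, and the sample data and the service name ExampleSvc are constructed.

```python
import ntpath
import re

# Constructed sample in the layout printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\dnsrslvr.dll

End of search: 3 match(es) found.
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)", re.I)
VAL_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)

# The legitimate host process is svchost.exe; a DLL with the same stem is the anomaly.
HOST_EXE_NAMES = {"svchost"}

def parse_service_dlls(text):
    """Yield (service_name, service_dll_path) pairs from reg query output."""
    service = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            service = m.group(1)  # remember which service the next value belongs to
            continue
        m = VAL_RE.match(line)
        if m and service:
            yield service, m.group(1).strip('"')

def find_masquerading(text, names=HOST_EXE_NAMES):
    """Return services whose ServiceDll file name imitates a host executable."""
    hits = []
    for service, path in parse_service_dlls(text):
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() == ".dll" and stem.lower() in names:
            hits.append((service, path))
    return hits

if __name__ == "__main__":
    for service, path in find_masquerading(SAMPLE):
        print(f"suspicious ServiceDll: {service} -> {path}")
```

A hit is a lead for triage, not a verdict: confirm the file's signature, hash and creation time before acting on it.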


Taidoor is said by the Americans to be sponsored by the Chinese government, with their aim being "to maintain a presence on victim networks and to further network exploitation".


Ben Read, a senior analyst at FireEye-owned Mandiant Threat Intelligence, told The ..