October 30, 2020

Volume X, Number 304

Advertisement

October 30, 2020

Subscribe to Latest Legal News and Analysis

October 29, 2020

Subscribe to Latest Legal News and Analysis

October 28, 2020

Subscribe to Latest Legal News and Analysis

October 27, 2020

Subscribe to Latest Legal News and Analysis

U.S. Organizations Doing Business in China Warned of Malware in Tax Software

The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Flash Alert to U.S. based businesses doing business in China about a remote targeting campaign whereby the tax software that Chinese domestic banks require foreign companies to install is loaded with malware.

Trustwave researchers warned in June 2020 that they had discovered a backdoor in the required tax software used by the Chinese domestic banks dubbed GoldenSpy. The backdoor reportedly could not be removed and allowed remote installation of additional malware.

Not only did the required tax software install malware into U.S. companies’ systems, but when Trustwave researchers detected the malware, several days later, the Trustwave researchers found that the GoldenSpy authors attempted to secretly load uninstaller software on the affected systems to remove the backdoor because they got caught!

The FBI and CISA is warning companies that security teams should be utilized to remove the malware as the attackers are attempting to evade industry standard network security rules.

“The FBI assesses that the cyber-actors’ persistent attempts to silently remove the malware is not a sign of resignation. Rather, it is an effort to hide their capabilities. Organizations conducting business in China continue to be at risk from system vulnerabilities exploited by the tax software and similar supply chains.”

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 240
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement