Taiwan blames Chinese APTs for hacking campaign.
Authorities in Taiwan have blamed four Chinese government hacking groups—Blacktech, Taidoor, Mustang Panda, and APT40—for running cyberespionage campaigns against ten Taiwanese government agencies since at least 2018, the South China Morning Post reports. The Taiwan Investigation Bureau's Cyber Security Investigation Office said the actors placed backdoors on email servers and gained access to around 6,000 government email accounts. In some cases, the attackers first compromised Taiwanese tech companies that worked as contractors for the government and used that access to obtain footholds within government networks. Taipei isn't sure exactly what information was stolen, since the attackers erased evidence of their activities.
Beijing called Taiwan's accusations "malicious slander," Reuters reports.
GoldenSpy's operators are trying to cover their tracks.
Trustwave's SpiderLabs reports finding five versions of an uninstaller for the GoldenSpy backdoor, which was carried by tax software that companies doing business in China are required to use. The uninstaller was dropped by the software's update module, erased GoldenSpy, and then deleted itself. Trustwave believes the uninstallers were deployed by those behind the GoldenSpy backdoor to cover their traces. The actors also issued modified versions of the uninstallers which Trustwave says were "specifically designed to evade our YARA rules we published."
The researchers conclude that their findings "should serve as a wakeup call for organizations because it proves any actions including implanting and extracting malware can be taken covertly and at the will of the attacker with the help of the updater module without impacting the functionality of the Golden Tax software."