WASHINGTON, D.C. (September 25, 2020)—The Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) has issued a warning to health care providers about the Taidoor Malware being used by the Chinese government.
The alert from OCR and the Assistant Secretary for Preparedness and Response (ASPR) describes the malware and includes response actions and recommended mitigation techniques.
This Malware Analysis Report (MAR) is the result of analytic efforts between the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. government partners, CISA, the FBI, and DoD identified a malware variant used by Chinese government cyber actors, which is known as TAIDOOR.
The FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, the FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.
This MAR includes suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.
Malicious binaries identified as x86 and x64 versions of Taidoor were submitted for analysis. Taidoor is installed on a target's system as a service dynamic link library (DLL) and consists of two files. The first file is a loader, which is started as a service. The loader decrypts the second file, the main Remote Access Trojan (RAT), and executes it in memory.
Read the full Malware Analysis Report for mitigation techniques and further information.
OCR is also sharing an update from the Cybersecurity and Infrastructure Security Agency (CISA), highlighting technical approaches to uncovering malicious activity and implementing mitigation best practices.
This resource provides information that can help organizations identify artifacts that could indicate potential malicious activity, as well as actions organizations can take to recover from an incident and enhance their cybersecurity posture.