FLASH – TACTICS, TECHNIQUES, AND PROCEDURES ASSOCIATED WITH MALWARE WITHIN CHINESE GOVERNMENT-MANDATED TAX SOFTWARE

Summary

The FBI says that all foreign companies are required by local Chinese laws to install this particular piece of software in order to handle value-added tax (VAT) payments to the Chinese tax authority. Organizations conducting business in China continue to be at risk from system vulnerabilities exploited by the tax software and similar supply chains.   The sophistication of actors working within the Aisano and Biawang software packages reveals they are attempting to hide the capabilities of the software, not removing it or acknowledging the exposure.

ATG has an additional list of Indicators of Compromise (IoC) and can make them available by contacting us.

This is a link that can be shared about the story:

https://www.zdnet.com/article/fbi-warns-us-companies-about-backdoors-in-chinese-tax-software/

 

Posted Date: 08/24/2020
Published Date: 08/24/2020
Source: FBI Cyber Division

Sector : Information Technology

Summary

On 23 July 2020, the FBI disseminated the FLASH message “Chinese Government-Mandated Tax Software Contains Malware, Enabling Backdoor Access” (AC-000129-TT) after the FBI observed reporting of malware distributed through Chinese Government-mandated tax software. FLASH message AC-000129-TT provided several indicators of compromise (IOCs) and a summary of security risks associated with the “Golden Tax System” tax software.

The FBI is disseminating this FLASH message based on the identification of additional IOCs and tactics, techniques, and procedures (TTPs) associated with the malware. The FBI advises all organizations conducting business in China to review FLASH message AC-000129-TT. Observed TTPs associated with the malware can be mapped to the MITRE1 Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK2) for Enterprise framework, Version 7.0.