{"id":5512,"date":"2020-08-24T08:45:28","date_gmt":"2020-08-24T15:45:28","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5512"},"modified":"2023-10-12T13:51:04","modified_gmt":"2023-10-12T20:51:04","slug":"fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/","title":{"rendered":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software"},"content":{"rendered":"<p><em>By Suzanne Ronca, Phil Miller and Chris Usserman<\/em><\/p>\n<p><span style=\"font-weight: 400;\">On July 23, 2020, the Federal Bureau of Investigation, Cyber Division, sent out alert number AC-000129-TT\u00b9<\/span><span style=\"font-weight: 400;\"> to inform U.S. enterprises in the healthcare, chemical, and finance industries of potential targeting by the Chinese government against their business and operations based in China. The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor pre-positions the attacker for future remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Per the FBI, the U.S. 
Department of Homeland Security, and Britain\u2019s National Cyber Security Centre, \u201chackers continue to actively target organizations that include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox\u2019s BloxOne Threat Defense (B1TD) is designed to protect enterprises from threats such as those identified by the FBI in the recent alert. Infoblox conducted an internal investigation and review, and the news is good: we already have those specific indicators in our BloxOne Threat Defense product, both natively (Infoblox-sourced) and through partner feeds from SURBL (newly-observed domains), Crowdstrike, and FireEye.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this specific instance, Infoblox and several of our premium partners had already identified the FBI-reported IOCs in our threat feeds. Hence, existing customers using our DNS security solutions would be protected, as they automatically receive threat feed updates at a customer-configured interval, including real-time updates, and have access to informative context to help identify related threat intelligence, associated domains, and threat infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Further, BloxOne Threat Defense provides customers with the ability to configure custom rule sets containing their derived threat indicators, as depicted in the screenshot below. BloxOne Threat Defense can be explicitly configured to enforce the list of \u201cIOC\u201d (Indicator of Compromise) domains, look-alikes, other C2 concerns, and threat research covering all DNS-based client\/server traffic that occurs. Then, as soon as any system, anywhere in the world, attempts to resolve any of these domains to an IP address, BloxOne Threat Defense will 
enforce the defined policy (e.g., block the action) and contain the threat.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s a screenshot of B1TD\u2019s policy engine that would enforce this specific scenario:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5513 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/FBI-laden-chinese-1.png\" alt=\"\" width=\"1280\" height=\"682\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/FBI-laden-chinese-1.png 1280w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/FBI-laden-chinese-1-300x160.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/FBI-laden-chinese-1-1024x546.png 1024w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/FBI-laden-chinese-1-768x409.png 768w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">According to the National Security Agency (NSA), a substantial percentage of malicious command &amp; control activity can be stopped in its tracks just by controlling your DNS. Infoblox\u2019s integrations across the security ecosystem enable organizations to enact and automate playbooks, triggered by only one event, in response to various threats. For example, Infoblox can send an alert message to the endpoint solution of a customer\u2019s organization in which a system attempted to communicate with a \u2018bad\u2019 domain on the internet. We can also integrate with many other tools, such as ServiceNow, NextGen Firewalls, or SOAR\/SIEM platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Exfiltration campaigns are also increasingly seen abusing DNS platforms using various techniques; Infoblox provides Data Exfiltration protection for DNS (Cloud, On-Premise, or Hybrid). 
Infoblox security solutions are purpose-built to ensure uptime and protect the end customer\/brand.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here is an excellent ~5-minute video that summarizes how Infoblox DNS Security can help:\u00a0 <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=6GtjriAais0\"><span style=\"font-weight: 400;\">https:\/\/www.youtube.com\/watch?v=6GtjriAais0<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here is a data sheet on BloxOne Threat Defense Advanced: <\/span><a href=\"https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-datasheet-bloxone-threat-defense-advanced.pdf\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-datasheet-bloxone-threat-defense-advanced.pdf<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>If you want to know more, please reach out to us directly via <a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<p>\u00b9<a href=\"https:\/\/www.ic3.gov\/media\/news\/2020\/200728.pdf\">https:\/\/www.ic3.gov\/media\/news\/2020\/200728.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Suzanne Ronca, Phil Miller and Chris Usserman On July 23, 2020, the Federal Bureau of Investigation, Cyber Division, sent out an alert number AC-000129-TT\u00b9 to inform U.S. enterprises in the healthcare, chemical, and finance industries of potential targeting by the Chinese government against their business and operations based in China. 
The FBI noted that [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":3599,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[32,40,346],"class_list":{"0":"post-5512","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-malware","9":"tag-threat-intelligence","10":"tag-healthcare","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software<\/title>\n<meta name=\"description\" content=\"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. 
healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software\" \/>\n<meta property=\"og:description\" content=\"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. 
healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-24T15:45:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T20:51:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software\",\"datePublished\":\"2020-08-24T15:45:28+00:00\",\"dateModified\":\"2023-10-12T20:51:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/\"},\"wordCount\":623,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/september1-1-1.jpg\",\"keywords\":[\"Malware\",\"Threat Intelligence\",\"Healthcare\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/\",\"name\":\"FBI Alert Warns of Chinese Govt Sponsored Attacks Using 
Malware-Laden Tax Software\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/september1-1-1.jpg\",\"datePublished\":\"2020-08-24T15:45:28+00:00\",\"dateModified\":\"2023-10-12T20:51:04+00:00\",\"description\":\"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. 
healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/september1-1-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/september1-1-1.jpg\",\"width\":660,\"height\":454,\"caption\":\"Enhanced IPAM with Network Insight\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax 
Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy 
consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software","description":"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. 
healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/","og_locale":"en_US","og_type":"article","og_title":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software","og_description":"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/","og_site_name":"Infoblox Blog","article_published_time":"2020-08-24T15:45:28+00:00","article_modified_time":"2023-10-12T20:51:04+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","type":"image\/jpeg"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax Software","datePublished":"2020-08-24T15:45:28+00:00","dateModified":"2023-10-12T20:51:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/"},"wordCount":623,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","keywords":["Malware","Threat Intelligence","Healthcare"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/","url":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/","name":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax 
Software","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","datePublished":"2020-08-24T15:45:28+00:00","dateModified":"2023-10-12T20:51:04+00:00","description":"The FBI noted that earlier this year, at least two Western companies operating in China detected malware directly attributed to tax software upgrades required for the Chinese value-added tax (VAT). This malware is embedded in the Chinese software and appears to launch a backdoor into the victim\u2019s systems. This backdoor prepositions the future use of remote code execution, data exfiltration, and other dangerous and unauthorized activity on the victim\u2019s network. Chinese government-based cyber operations have targeted U.S. 
healthcare, life sciences (pharmaceutical), and chemical sector companies for many years.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","width":660,"height":454,"caption":"Enhanced IPAM with Network Insight"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/fbi-alert-warns-of-chinese-govt-sponsored-attacks-using-malware-laden-tax-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"FBI Alert Warns of Chinese Govt Sponsored Attacks Using Malware-Laden Tax 
Software"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. 
Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5512","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5512"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5512\/revisions"}],"predecessor-version":[{"id":9005,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5512\/revisions\/9005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/3599"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}