Organizations doing business in China have been warned that official looking software mandated for download by domestic banks may actually contain backdoor malware.

Black Screen With Code

THREAT

Baiwang and Aisino are the only government-authorized tax software service providers to operate the Chinese value added tax (VAT) system. The use of either software provider is required by the China Tax Bureau in order for US companies to operate within China’s market. Both companies operate the VAT system under the management and oversight of state-owned enterprise the National Information Security Engineering Center (NISEC). The NISEC has foundational links to the 3PLA.

In July 2018, an employee of a US pharmaceutical company with business interests in China downloaded the Baiwang Tax Control Invoicing software program from baiwang.com. Since at least March 2019, Baiwang released software updates which installed a driver automatically along with the main tax program.

In April 2019, employees of the pharmaceutical company discovered that the software contained malware that created a backdoor on the company’s network. In June 2020, a private cybersecurity firm reported that Intelligence Tax, a tax software from Aisino Corporation that is required by a Chinese bank under the same VAT system, likely contained malware that installed a hidden backdoor to the networks of organizations using the tax software. The malware, named GoldenSpy, was designed to provide cyberactors with unfettered access to victim networks and is believed to have been around since 2016. It is unclear how many organizations may have been compromised

ON-GOING THREAT

“Basically, it was a wide-open door into the network with system-level privileges and connected to a command and control server completely separate from the tax software’s network infrastructure.”

That same company digitally signs GoldenSpy using text, “certified software version upgrade service,” designed to legitimize the malware.

Every corporation operating in China or using the Aisino Intelligent Tax Software should consider this incident a potential threat and should engage in threat hunting, containment and remediation countermeasures.

NEXT STEPS

If you suspect you have any cyber threats, let us help you.

US Service Center will help with discovering and eliminating all your cybersecurity threats. Call us today.

author avatar
US Service Center Your Business technology Partner
Established in 2002, we are celebrating our 20th Anniversary. US Service Center specializes in wide range of services, including tailored, fully managed IT services and solutions for small and medium businesses and their owners. We are committed to providing each and every one of our clients with high quality service and support. Our unique IT team is incredibly friendly and can help you every step of the way in growing your business.