The US Federal Bureau of Investigation has sent an alert by warning US companies about backdoor malware that is silently being installed on the networks of foreign companies operating in China via government-mandated tax software. The backdoors allow threat actors to execute unauthorized code, infiltrate networks, and steal proprietary data from branches operating in China.
The FBI says that all foreign companies are required by local Chinese laws to install this particular piece of software in order to handle value-added tax (VAT) payments to the Chinese tax authority.
FBI officials said the backdoor malware was spotted in the VAT software of two Chinese tech companies — namely Baiwang and Aisino.
Unfortunately, these are the only government-authorized tax software service providers allowed to operate VAT software in China, officials said, suggesting that any foreign company operating in China was most likely affected by this issue.
While the FBI alert didn’t point the finger at the Chinese government directly, the alert said that both Baiwang and Aisino operate their VAT software under the management and oversight of NISEC (National Information Security Engineering Center), a state-owned private enterprise, with “foundational links” to China’s People Liberation Army, suggesting to a well-orchestrated nation-state intelligence gathering operation.
