Spyware found in Chinese tax software used by a U.S. multinational technology company was probably planted by a nation-state, security experts say
First, China gave America the “gift” of coronavirus. Almost at the same time coronavirus started to spread around the world, the country gave another gift to a multinational technology company operating in China. This time, the gift is a software virus dubbed “GoldenSpy.” Earlier this year, a multinational technology vendor conducting business in China found a hidden piece of malware inside tax software it was instructed to install in order to pay local taxes.
According to NBC News, citing a report from cybersecurity firm Trustwave, the sophisticated piece of malware later gave attackers complete access to the company’s network. Trustwave said the spyware kicked into action just two hours after the tax software was installed. GoldenSpy later created a “backdoor” that allowed cyber attackers to install other types of malware on the network. Trustwave said it is not clear whether it was implanted by the Chinese government or a criminal group.
Brian Hussey, a former FBI cyber specialist and Trustwave’s vice president for threat detection and response, said companies need to be hyper-aware when conducting business in China. “It’s the latest example of how companies and individuals should take special care when operating in China,” Hussey said.
Trustwave did not disclose the name of the hacked company, other than to call it a technology vendor that does business in the U.S., U.K. and Australian defense sectors. However, Trustwave published a report Thursday telling other companies how to check whether they are victims of the malware.
“The GoldenSpy campaign…has the characteristics of a coordinated Advanced Persistent Threat (APT) campaign targeting foreign companies operating in China,” the Trustwave report states. “At this point, we are unable to determine how widespread this software is. We currently know of one targeted technology/software vendor and a highly similar incident occurring at a major financial institution, but this could be leveraged against countless companies operating and paying taxes in China or may be targeted at only a select few organizations with access to vital information.”
“If you do operations in China and if somebody asks you to install something, we’re urging additional vigilance,” Hussey told NBC News. “We’re urging everybody to check to see if they are impacted.”