Aisino
Chinese tax software installed GoldenSpy backdoor.
Intelligent Tax software, produced by Aisino Corporation and required by some Chinese banks for companies operating in China, was found to install the GoldenSpy backdoor. This malware provided extensive remote access and control capabilities, including command execution and data exfiltration, with a delayed installation to evade detection.
- Date: 2020-04-01 to 2020-06-28
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: source
- Impact: Backdoor
- Cause: Vendor compromise
What Was Affected
- Package: Aisino
- Component: Application
- Artifact type: binary archive
- Domain type: project download host
- Domain: i-xinnuo.com
Compromised Versions
- Multiple versions of Aisino Intelligent Tax software containing GoldenSpy module, active in 2020
Incident Context
- Motive: Espionage
- Attribution: Nation-state
- Transitive: No
- User Impact: 1000
- Observed Duration: 88 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
- trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-whos-really-pulling-the-strings
- virustotal.com/gui/file/c1d7873a21d28ba995725f958741948f0d750b1e18311341682b56f257025642
- virustotal.com/gui/file/1536924c856093919f4f697f83225471094e4868131226a996d75a738080b0e6
- virustotal.com/gui/file/5953fc590db6ab347840ccbf10f09a0b1bb48d38309067a1d65c34cb3ce82f4b
- bazaar.abuse.ch/browse.php
Indicators and Changes
Hashes
- sha256:c1d7873a21d28ba995725f958741948f0d750b1e18311341682b56f257025642
- sha256:1536924c856093919f4f697f83225471094e4868131226a996d75a738080b0e6
- sha256:5953fc590db6ab347840ccbf10f09a0b1bb48d38309067a1d65c34cb3ce82f4b
- sha256:aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899
External References
Source Data
Source record: proprietary/aisino/meta.yaml