Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation GoldenSpy Chapter Two

In mid-2020, companies in China were targeted with the GoldenSpy malware hidden inside legitimate tax software. A few weeks later, an uninstaller for the malware was discovered hosted on one of the actor's original command and control servers. The uninstaller was automatically downloaded by the tax product and removed any reference to GoldenSpy, including stopping processes and deleting files and registry entries. A second version of the uninstaller was also discovered; it used Base64 encoding to obfuscate variables.

| Name | Modified Date | Sources |
| --- | --- | --- |
| Operation GoldenSpy Chapter Two | 2020-07-16 | |