A state-owned bank in China had required the tech company to download software called Intelligent Tax to facilitate the filing of local taxes. The tax software worked as advertised, but it also installed a hidden back door that could give hackers remote command and control of the company’s network, according to a report published Thursday by the SpiderLabs team at Chicago-based Trustwave Holdings Inc. (The cybersecurity firm declined to identify the bank.)
“Basically, it was a wide-open door into the network with system-level privileges and command and control server completely separate from the tax software’s network infrastructure,” Brian Hussey, vice president of cyber threat detection and response at Trustwave, wrote in a blog post, also published Thursday. The malware, which Trustwave dubbed GoldenSpy, isn’t downloaded and installed until two hours after the tax software installation is completed, he said.
https://www.bloomberg.com/news/articles ... -firm-says
This is what so many fear with the Chinese government and the fact that all Chinese companies (and citizens, etc.) are required by law to "assist" with anything they need.
https://www.lawfareblog.com/beijings-ne ... se-offense
This is why Huawei and Hikvision are of concern to some countries and under such scrutiny. Of course, some will try to claim "other countries do the same thing... probably", but seriously, we are talking here about a formal law requiring such and now proof of a significant security breach.