China’s banks require all companies doing business within China to utilize tax software from either Aisino or Baiwang to comply with tax security regulations. This indicates that this campaign either is being run by the Chinese government or has the blessing of the Chinese government. Defending against malicious software when that software comes from what are supposed to be “legitimate trusted sources” becomes difficult, especially when it is a government requirement to utilize that software. While an infection like this begins on the initially infected machine any device on a corporate network that becomes infected puts the entire network at risk. Close monitoring of network activity as well as unusual activity from endpoints are one of the best means of defending against a well-planned and sophisticated attack like this one. Being able to identify and quarantine machines early can minimize the damage done in a campaign such as this one. More information on this incident can be found at https://www.infosecurity-magazine.com/news/more-malware-hidden/