Chinese cyberspies target govts with their ‘most advanced’ backdoor
2022-02-28 19:32

Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities.

According to a technical report published by Symantec's Threat Hunter team today, Daxin is one of the most advanced backdoors ever seen deployed by Chinese actors.

"Daxin is, without doubt, the most advanced piece of malware Symantec researchers have seen used by a China-linked actor," Symantec said in a new report.

"Daxin's use of hijacked TCP connections affords a high degree of stealth to its communications and helps to establish connectivity on networks with strict firewall rules. It may also lower the risk of discovery by SOC analysts monitoring for network anomalies," explains the report by Symantec.

"Daxin's built-in functionality can be augmented by deploying additional components on the infected computer. Daxin provides a dedicated communication mechanism for such components by implementing a device named \\.\Tcp4," further explained Symantec.

Symantec's threat analysts have found evidence linking Daxin to the Chinese state-backed hacking group Slug.


News URL

https://www.bleepingcomputer.com/news/security/chinese-cyberspies-target-govts-with-their-most-advanced-backdoor/