Security News > 2022 > February > Chinese cyberspies target govts with their ‘most advanced’ backdoor

Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities.
According to a technical report published by Symantec's Threat Hunter team today, Daxin is one of the most advanced backdoors ever seen deployed by Chinese actors.
"Daxin is, without doubt, the most advanced piece of malware Symantec researchers have seen used by a China-linked actor," Symantec said in a new report.
"Daxin's use of hijacked TCP connections affords a high degree of stealth to its communications and helps to establish connectivity on networks with strict firewall rules. It may also lower the risk of discovery by SOC analysts monitoring for network anomalies," explains the report by Symantec.
"Daxin's built-in functionality can be augmented by deploying additional components on the infected computer. Daxin provides a dedicated communication mechanism for such components by implementing a device named \\.\Tcp4," further explained Symantec.
Symantec's threat analysts have found evidence linking Daxin to the Chinese state-backed hacking group Slug.