China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013.
Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.
"Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency said in an independent advisory.
While recent intrusions involving the backdoor are said to have transpired in November 2021, Symantec said it uncovered code-level commonalities with an older piece of malware called Exforel, indicating that Daxin may have been built by an actor with access to the latter's codebase or that they are the work of the same group.
The campaigns have not been attributed to a single adversary, but a timeline of the attacks shows that Daxin was installed on some of the same systems where tools associated with other Chinese espionage actors like Slug were found.
This includes the deployment of both Daxin and Owprox malware on a single computer belonging to a tech company in May 2020.
News URL
https://thehackernews.com/2022/03/china-linked-daxin-malware-targeted.html