China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (March 2022)
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013.
Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.
"Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency said in an independent advisory.
While recent intrusions involving the backdoor are said to have transpired in November 2021, Symantec said it uncovered code-level commonalities with an older piece of malware called Exforel, indicating that Daxin may have been built by an actor with access to the latter's codebase or that they are the work of the same group.
The campaigns have not been attributed to a single adversary, but a timeline of the attacks shows that Daxin was installed on some of the same systems where tools associated with other Chinese espionage actors like Slug were found.
This includes the deployment of both Daxin and Owprox malware on a single computer belonging to a tech company in May 2020.
Source: https://thehackernews.com/2022/03/china-linked-daxin-malware-targeted.html