China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
2022-03-01 00:01

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013.

Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced piece of malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.

"Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency said in an independent advisory.

While recent intrusions involving the backdoor are said to have transpired in November 2021, Symantec said it uncovered code-level commonalities with an older piece of malware called Exforel, indicating that Daxin may have been built by an actor with access to the latter's codebase or that they are the work of the same group.

The campaigns have not been attributed to a single adversary, but a timeline of the attacks shows that Daxin was installed on some of the same systems where tools associated with other Chinese espionage actors like Slug were found.

This includes the deployment of both Daxin and Owprox malware on a single computer belonging to a tech company in May 2020.
News URL

https://thehackernews.com/2022/03/china-linked-daxin-malware-targeted.html