China-linked malware targeted secure networks in 'multiple governments'
2022-03-01 06:02

The United States' Cybersecurity and Infrastructure Security Agency, working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013.

Symantec's threat hunting team has named the malware "Daxin" and described it as "a stealthy backdoor designed for attacks on hardened networks".

The agency asserts that Daxin "appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions".

Symantec's analysis of the malware states it's been used as recently as November 2021 by attackers linked to the Middle Kingdom, and that whoever wields it has targeted "organizations and governments of strategic interest to China".

Daxin can encapsulate raw network packets to be transmitted via the local network adapter.

Daxin then tracks network flows so that any response packets are captured and forwarded to the remote attacker.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/01/china_linked_daxin_malware/