Security News > 2022 > March > Daxin Espionage Backdoor Ups the Ante on Chinese Malware

The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage.
"Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enabled remote actors to communicate with secured devices not connected directly to the internet," warned CISA, in a Monday alert.
From a technical standpoint, Daxin takes the form of a Windows kernel driver, according to Symantec's Monday analysis, and has a focus on stealth.
Daxin can also hijack legitimate TCP/IP connections.
The research team linked Daxin to Chinese actors because it's usually deployed alongside tools known to be associated with Chinese espionage actors.
"Daxin is without doubt the most advanced piece of malware Symantec researchers have seen used by a China-linked actor."
News URL
https://threatpost.com/daxin-espionage-backdoor-chinese-malware/178706/