Daxin is a backdoor (not an exploit) discovered in late 2021 by Symantec researchers. It is considered highly sophisticated and is suspected to have been used for over a decade in espionage operations by China-linked actors, targeting government agencies in Asia and Africa.[1] Its creators reportedly invested significant effort in making its command-and-control traffic blend in with the target's normal network traffic.[2][3][4]
Daxin takes the form of a Windows kernel driver and exhibits a level of technical sophistication previously unseen from China-linked actors.[5] Its distinguishing feature is its communications functionality, which provides a high degree of stealth and permits the attackers to reach infected computers on highly secured networks.[6] Daxin hijacks legitimate TCP/IP connections: it monitors incoming TCP traffic for specific patterns and, when one is matched, disconnects the legitimate recipient and takes over the connection, performs a key exchange with the remote peer, and opens an encrypted channel over which it receives commands and returns results.[1][5] Because it rides on connections that the target's own services already accepted, it starts no network service of its own, so a port-based inventory of the host does not reveal it.[5]
The ability to communicate over existing, legitimate connections means the malware can be controlled from anywhere in the world while its traffic remains hard to distinguish from normal activity on the target's network, a property its creators reportedly invested considerable effort to achieve.[1][7]
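A practical consequence of the hijacking behaviour described above is that the host's own view of its connections becomes unreliable: once the implant takes over a session, the legitimate application's socket is gone while the TCP session stays alive on the wire. The following cross-view check is an added example, not code from the Daxin write-ups or from Symantec. It compares flow records from a network sensor against the socket table reported by the host and flags long-lived, established inbound sessions the host does not admit to. Both inputs are constructed: a Zeek-like conn log trimmed to the columns used here, and `ss -tn`-style output. The host address, record layout and function names are assumptions for the illustration.

```python
"""Cross-view check for hijacked TCP sessions.

Added example, not code from the Daxin write-ups or from Symantec. A kernel
implant that takes over a TCP connection accepted by a legitimate service
keeps the session alive on the wire after the application's socket is gone,
so an established flow that a network sensor reports but the host's socket
table does not is worth a look. Both inputs below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One TCP session, always stored as peer -> host."""
    peer_ip: str
    peer_port: int
    host_ip: str
    host_port: int


# Constructed sensor records (Zeek-like, reduced to these columns):
# ts uid orig_h orig_p resp_h resp_p proto conn_state duration
# conn_state keeps Zeek's meaning: S1 = established and still open, SF = closed normally.
CONN_LOG = """\
# ts uid orig_h orig_p resp_h resp_p proto conn_state duration
1646000001.0 CAb1 198.51.100.7 51422 10.0.0.5 443 tcp S1 5400.0
1646000002.0 CAb2 10.0.0.9 40012 10.0.0.5 443 tcp S1 120.0
1646000003.0 CAb3 198.51.100.7 51430 10.0.0.5 443 tcp SF 2.0
1646000004.0 CAb4 10.0.0.9 40020 10.0.0.5 53 udp S0 0.0
"""

# Constructed socket table taken on 10.0.0.5 (shape of `ss -tn` output).
SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.0.5:443 10.0.0.9:40012
ESTAB 0 0 10.0.0.5:22 10.0.0.9:39900
"""


def parse_conn_log(text):
    """Return (Flow, conn_state, duration) for each TCP record in the sensor log."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _ts, _uid, oh, op, rh, rp, proto, state, dur = line.split()
        if proto != "tcp":
            continue
        out.append((Flow(oh, int(op), rh, int(rp)), state, float(dur)))
    return out


def parse_ss(text):
    """Return the set of established sessions the host itself reports."""
    socks = set()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local_ip, local_port = fields[3].rsplit(":", 1)
        peer_ip, peer_port = fields[4].rsplit(":", 1)
        socks.add(Flow(peer_ip, int(peer_port), local_ip, int(local_port)))
    return socks


def unacknowledged_flows(conn_log, ss_output, host_ip, min_duration=60.0):
    """Established inbound sessions to host_ip seen on the wire but absent from its socket table.

    min_duration drops short-lived sessions that may simply have closed between
    the two snapshots; a long-running session with no local socket is the signal.
    """
    host_view = parse_ss(ss_output)
    hits = []
    for flow, state, duration in parse_conn_log(conn_log):
        if flow.host_ip != host_ip or state != "S1" or duration < min_duration:
            continue
        if flow not in host_view:
            hits.append((flow, duration))
    return hits


if __name__ == "__main__":
    for flow, duration in unacknowledged_flows(CONN_LOG, SS_OUTPUT, "10.0.0.5"):
        print(f"{flow.peer_ip}:{flow.peer_port} -> {flow.host_ip}:{flow.host_port} "
              f"established for {duration:.0f}s but not in the host socket table")
```

Two caveats apply. The check is a triage signal, not proof: a session that closed between the sensor snapshot and the host snapshot also appears, which is why `min_duration` is there. More importantly, on a host running a kernel-mode implant the socket table itself can be falsified, so the network sensor's record is the side to trust; the host-side listing should be taken from a vantage point the implant cannot edit (a memory image, or a sensor upstream of the host) before any conclusion is drawn. On Windows the host view would come from `netstat -ano` or `Get-NetTCPConnection` rather than `ss`, and `parse_ss` would need to be adapted to that layout.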
References
- ^ a b c Warminsky, Joe (2022-02-28). "'Most advanced' China-linked backdoor ever, Daxin, raises alarms for cyber-espionage investigators". CyberScoop. Retrieved 2024-07-22.
- ^ Bing, Christopher (2022-02-28). "New Chinese hacking tool found, spurring U.S. warning to allies". Reuters. Archived from the original on 2022-03-01.
- ^ "How China built a one-of-a-kind cyber-espionage behemoth to last".
- ^ "'Sophisticated' new Chinese hacking tool found, US warns allies". March 2022.
- ^ "Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks". prod-blogs-ui.client-b1.bkjdigital.com. Retrieved 2024-07-22.
- ^ Moshe, Tal. "Daxin - Backdoor Designed for Attacks Against Hardened Networks". Cymulate. Retrieved 2024-07-22.
- ^ "Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks". prod-blogs-ui.client-b1.bkjdigital.com. Retrieved 2024-07-22.