Security researchers have uncovered a stealthy backdoor from a China-linked hacking group that is being used to target critical infrastructure in multiple countries.
The malware, dubbed Daxin by researchers at Broadcom-owned Symantec, is a backdoor ‘rootkit’: malware designed to give an attacker low-level ‘root’ privileged access to a compromised system. It was last used in November 2021, according to Symantec.
Symantec declared in a blogpost that the Windows kernel driver malware was the “most advanced piece of malware” its researchers had seen from China-linked actors.
The malware is designed to penetrate networks that have been hardened against cyberattacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) marked Daxin as a “high-impact” security incident based on information shared through its private-sector US cybersecurity partners in the Joint Cyber Defense Collaborative.
CISA notes that Daxin has been used against select governments and other critical infrastructure targets. CISA and Symantec engaged with multiple governments targeted with Daxin malware and assisted in detection and remediation, CISA says.
Daxin is a “highly sophisticated rootkit backdoor with complex, stealthy command and control (C2) functionality”, according to CISA.
“Daxin appears to be optimized for use against hardened