'Most advanced' China-linked backdoor ever, Daxin, raises alarms for cyber-espionage investigators

Feb 28, 2022 | CYBERSCOOP

A backdoor in use as recently as November 2021 is the “most advanced piece of malware” ever seen from China-linked spies, according to researchers at Symantec.

The cybersecurity company said Monday that the backdoor, dubbed Daxin, is part of “a long-running espionage campaign against select governments and other critical infrastructure targets,” most of them being of strategic interest to China. The malware “appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target’s network and exfiltrate data without raising suspicions,” the researchers said.

“This isn’t really comparable to any other strains of China-linked malware in our opinion. It’s on another level,” Dick O’Brien, principal editor for the Symantec Threat Intelligence Team, told CyberScoop. “It would be near the same level as malware we’ve seen attributed to Western powers, but maybe not as well put together.”

Symantec, part of Broadcom Software, said it worked with the U.S. government’s new public-private initiative, the Joint Cyber Defense Collaborative, to share information about Daxin. The company cooperated with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) “to engage with multiple foreign governments targeted with

Read More: https://www.cyberscoop.com/daxin-china-linked-symantec-cyber-espionage/