"Chinese Cyberspies Use Their ‘Most Advanced’ Backdoor to Attack Governments"

Daxin is a stealthy backdoor attributed to China-linked actors and built to operate inside hardened corporate networks that have mature threat detection in place. Analysis by Symantec's Threat Hunter team concludes that Daxin is one of the most sophisticated backdoors yet seen in use by Chinese espionage groups. Daxin is implemented as a Windows kernel driver, a format that is relatively rare among malware, and it blends its command traffic into the host's ordinary Internet traffic, which is what makes it hard to spot. Backdoors give threat actors remote access to a compromised system so they can steal data, run commands, download additional malware, and more. Because such tools are typically used to exfiltrate information from protected networks or to do further damage to a device, they need to encrypt or otherwise disguise their traffic to evade network monitoring. Daxin takes a different approach from a conventional encrypted channel: it inspects the device's network traffic for specific patterns and, once it sees them, takes over a genuine TCP connection and uses that connection to communicate with its command-and-control (C2) server. By hijacking established TCP conversations, Daxin hides its communications inside what looks like ordinary traffic to a legitimate service, so no new outbound connection has to be created. Symantec noted that this use of hijacked TCP connections gives Daxin's communications a high degree of stealth, lets it establish connectivity on networks with strict firewall rules, and lowers the chance that Security Operations Center (SOC) analysts will notice it. This article continues to discuss recent findings surrounding the China-linked Daxin malware.
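To make the hijacking idea concrete, the following is an added illustration written for this page; it is not Symantec's analysis code, not Daxin, and not tied to any real pattern the malware uses. It models the behaviour the article describes at the socket layer: a hook sitting in front of a legitimate service inspects every chunk arriving on an accepted TCP connection, hands data to the genuine service until a trigger pattern shows up, and from then on answers commands on the very same connection. The trigger bytes (`MAGIC`), the toy protocol, and the function names (`driver_hook`, `run_session`, and friends) are all constructed for the example.

```python
import socket
import threading

# Constructed trigger pattern for this example. The page does not give
# Daxin's real patterns; any byte sequence would do for the illustration.
MAGIC = b"\x17\x03\x01\x00\x2a"


def legit_service(request: bytes) -> bytes:
    """The host's genuine service: a toy line protocol that echoes in upper case."""
    return b"OK " + request.strip().upper() + b"\n"


def covert_service(command: bytes) -> bytes:
    """The implant's command handler, reachable only after the hijack."""
    cmd = command.strip()
    if not cmd:
        return b"ready\n"        # trigger alone: acknowledge the takeover
    if cmd == b"whoami":
        return b"SYSTEM\n"       # constructed response, stands in for real tasking
    if cmd == b"ping":
        return b"pong\n"
    return b"unknown\n"


def driver_hook(conn: socket.socket) -> int:
    """Models the kernel-side hook described in the article.

    Every chunk received on the accepted connection is inspected. Until MAGIC
    is seen, data goes to the legitimate service; after that the same socket
    is owned by the implant. Returns the number of chunks handled covertly.
    """
    hijacked = False
    covert = 0
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:            # peer closed the connection
                return covert
            if not hijacked and chunk.startswith(MAGIC):
                hijacked = True      # detach the real service from this socket
                chunk = chunk[len(MAGIC):]
            if hijacked:
                covert += 1
                conn.sendall(covert_service(chunk))
            else:
                conn.sendall(legit_service(chunk))


def run_session(messages):
    """Drive one client connection through the hooked listener on loopback.

    Returns (replies, covert_chunks). Messages are sent in lockstep, one reply
    per send, so each sendall() arrives as its own recv() chunk on loopback.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port, no external traffic
    listener.listen(1)
    port = listener.getsockname()[1]
    outcome = {}

    def server():
        conn, _ = listener.accept()
        outcome["covert"] = driver_hook(conn)

    worker = threading.Thread(target=server)
    worker.start()
    replies = []
    with socket.create_connection(("127.0.0.1", port)) as client:
        for msg in messages:
            client.sendall(msg)
            replies.append(client.recv(4096))
    worker.join()
    listener.close()
    return replies, outcome["covert"]


if __name__ == "__main__":
    # Two ordinary requests, then the trigger, then two covert commands,
    # all on one TCP connection to the "legitimate" service port.
    session = [b"hello\n", b"how are you\n", MAGIC, b"whoami\n", b"ping\n"]
    for reply in run_session(session)[0]:
        print(reply.decode().rstrip())
```

The point the run makes is the one the article attributes to Symantec: from a firewall's viewpoint every byte of the covert exchange belongs to an already-permitted connection to an allowed service, so a rule set that admits that service admits the C2 traffic too. Catching it requires looking past the 5-tuple at whether the payload still conforms to the protocol the port is supposed to carry.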

CyberIntelMag reports "Chinese Cyberspies Use Their ‘Most Advanced’ Backdoor to Attack Governments"

Submitted by Anonymous on