Cybersecurity company Symantec’s researchers discovered a China-linked cyber espionage tool and worked with the Biden administration to sound the alarm to targets.
Symantec said the Daxin malware was the most advanced it has seen used by a China-linked cyberattacker. The researchers think it was deployed in a longstanding espionage campaign against governments and critical infrastructure targets in the telecommunications, transportation and manufacturing sectors.
“There is strong evidence to suggest the malware, Backdoor.Daxin, which allows the attacker to perform various communications and data-gathering operations on the infected computer, has been used as recently as November 2021 by attackers linked to China,” Symantec’s researchers said Monday on the company’s blog. “Most of the targets appear to be organizations and governments of strategic interest to China.”
The Cybersecurity and Infrastructure Security Agency (CISA) said the malware “enabled remote actors to communicate with secured devices not connected directly to the internet.”
Symantec worked with CISA through the Biden administration’s Joint Cyber Defense Collaborative, which enlists tech companies to work with federal agencies against hackers, and within 48 hours the partners were briefing foreign governments about the threat. Symantec’s parent, Broadcom Software, is a member of the CISA-led collaborative, which launched last year.
CISA Associate Director Clayton Romans said his agency’s work with the researchers to warn potential victims about the “extremely sophisticated piece of malware” is an example of how the public-private partnership is supposed to work to stop cyberattackers.
“These kinds of threats pose a dynamic challenge and require a team effort that CISA is uniquely positioned to enable,” Mr. Romans said in a statement. “The more we collaborate, the better we can provide for the collective defense of critical infrastructure here and abroad.”
While Symantec’s discovery involved Daxin’s use in November, the researchers said the code was developed much earlier; the earliest known sample of the malware dates to 2013.
Symantec said it spotted the connection to the China-linked hacking group Slug, also known as Owlproxy, through a cyberattack in 2019 against an information technology company.
CISA officials urged people affected by the malware to contact them and the FBI.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.