Malware

16 Mar 2022

As if Russian cyber threats weren’t enough, this week opened with a reminder that we can’t turn our backs on the danger from Chinese hackers. Threat hunting researchers raised the global alarm Monday on a highly sophisticated piece of malware being used by China-linked threat actors.

The malware, known as Daxin, appears to be part of a long-running espionage campaign against select governments and critical infrastructure targets. The team at Symantec cautioned that it features “technical complexity previously unseen by such actors” and “appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target’s network and exfiltrate data without raising suspicions.” [i]

Alarmingly, though the most recent known attacks involving Daxin happened in November 2021, the public report notes “the earliest known sample of the malware dates from 2013 and included all of the advanced features seen in the most recent variants.” While most targets to date have been “organizations and governments of strategic interest to China,” the existence of a backdoor that can lurk undetected in your network should set off alarms for anyone with responsibility for sensitive data.

Why You Should Worry

Daxin is clearly designed for stealth. It takes the form of a Windows kernel driver (pretty rare for malware these days) and uses advanced communications functionality to let attackers communicate with infected computers on highly secured networks. To blend in with normal network traffic and avoid detection, the malware avoids starting its own network services, instead abusing legitimate services that are already running on infected computers.

Daxin can also relay communications across a network of infected computers within an organization; according to the researchers, “attackers can select an arbitrary path across infected computers and send a single command that instructs these computers to establish requested connectivity.” Finally, the malware uses network tunneling to let the attackers communicate with legitimate services on the attacked network that can be reached from any infected computer.

What does this mean? Once in, an attacker using Daxin can read and write files on an infected computer, as well as start processes and interact with them. The real value to a malicious actor is in Daxin’s stealth and communications abilities, making it much more likely they could exfiltrate data undetected for weeks, months, or even longer if it’s not discovered and rooted out.

Daxin works by taking over legitimate TCP/IP connections. That matters because instead of creating unusual traffic that’s easy to distinguish from what you’d normally expect from your network, it camouflages its activity behind patterns that look normal. The researchers warn “Daxin’s use of hijacked TCP connections affords a high degree of stealth to its communications and helps to establish connectivity on networks with strict firewall rules. It may also lower the risk of discovery by SOC analysts monitoring for network anomalies.”

Know Your Foe

Victims of Daxin identified by researchers include government organizations as well as entities in the telecommunications, manufacturing, and transportation sectors. Their work established multiple research links to known Chinese espionage actors, giving confidence to their identification of the source of the threat. The researchers also released indicators of compromise (IOCs) that can help detect when Daxin has infiltrated a system.

As with other emerging cybersecurity threats, our SOC team at Petronella began working immediately to incorporate what is known and being discovered about Daxin into our security protocols. We use AI-driven, proactive tools to dive deep into your network data, hunting even the most elusive patterns and signs of malware, hints that can escape manual efforts to track them down. We stay connected with threat detection teams worldwide to add detections and mitigations to our arsenal so we can keep you a step ahead of danger.

Your Cybersecurity Experts

Does the idea of your business being the next victim of the latest malware in the headlines break you out in a cold sweat? Don’t worry—call Petronella Technology Group (PTG). We’ve got the expertise to find and eradicate malware before it can damage your systems and your reputation. To schedule a FREE consultation now, contact us here.

[i] https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
