- Source: Daxin (spyware)
Daxin is a backdoor exploit discovered in late 2021 by Symantec researchers. It is considered highly sophisticated and is suspected to have been operational in espionage operations by the Chinese government for over a decade, targeting government agencies in Asia and Africa. It can be controlled from anywhere in the world, and its creators reportedly invested significant effort to make its communication blend in with network traffic.
Daxin comes in the form of a Windows kernel driver and exhibits technical sophistication previously unseen from such actors. It implements advanced communications functionality that provides a high degree of stealth and permits the attackers to communicate with infected computers on highly secured networks. Daxin is capable of hijacking legitimate TCP/IP connections, exchanging digital keys with a remote peer, and opening encrypted communication channels for receiving commands and sending information back to the remote source.
Daxin's capabilities suggest the attackers invested significant effort into developing communication techniques that can blend in unseen with normal network traffic on the target's network. The malware can be controlled from anywhere in the world, and its creators reportedly made considerable effort to ensure its communication blends in with network traffic.
