Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.
Stay updated on the latest backdoor threats in cybersecurity. Discover news, analysis, and insights on covert access vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
A backdoor is a hidden method within software or hardware that allows bypassing normal authentication to access a system or network. These can be intentionally created by developers for maintenance or debugging but are frequently exploited or implanted by attackers to maintain unauthorized, persistent access. Backdoors often appear as undocumented commands, hidden user accounts, or covert network services designed to evade detection.
In cybersecurity, backdoors enable attackers to circumvent security controls, increasing the risk of prolonged system compromise and data exposure. Detecting backdoors requires careful code review, monitoring for unusual system behavior, and verifying integrity through trusted baselines. Identifying backdoor indicators in malware or attacker infrastructure is critical for limiting unauthorized access and reducing attacker dwell time within networks. Defensive measures focus on eliminating hidden access points and strengthening authentication mechanisms.
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.
Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013
'Daxin' malware creates backdoors and may have been used since 2013 The United States' Cybersecurity and Infrastructure Security Agency (CISA), working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013.…
Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities. [...]
A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.
An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021