Cybersecurity specialists at Symantec have identified a sophisticated hacking tool coming out of China that has remained active, yet undetected, for over ten years.
US-based Symantec recently handed knowledge of the bug over to the US government, which is now dispersing the advisory information through overseas allies, a US official has said. Symantec published its findings on the hacking tool, known as Daxin, on Monday.
As reported by Reuters, Clayton Romans, associate director with the US Cybersecurity and Infrastructure Security Agency (CISA), said:
“It’s something we haven’t seen before. This is the exact type of information we’re hoping to receive.”
Symantec is a member of a “joint public-private cybersecurity information sharing partnership”, known as the JCDC (Joint Cyber Defence Collaborative) – a group of US government defence agencies which includes the National Security Agency and the FBI. The collective sees the official bodies share cyberattack intelligence with over 22 US tech firms.
While no word has come from the Chinese embassy in Washington in response to the discovery, Chinese officials have declared that China is against all forms of cyberattack, and that it is, in fact, a primary target of hacking activity.
Neil Jenkins, chief analytics officer at a not-for-profit data sharing group, said:
“The capabilities of this malware are remarkable and would be extremely difficult to detect without this public research.”
Experts at Symantec have pinned the blame on China for the bug, based on previous examples of Daxin components being blended with other known online hacking infrastructure or cyber-strikes linked with China.
The disclosure of Daxin is notable because of the size and scale of the intrusions the tool has perpetrated, as well as the advanced nature of its constituent technology. The corresponding report says that the most recent attacks involving Daxin took place in November 2021.
“Daxin’s capabilities suggest the attackers invested significant effort into developing communication techniques that can blend in unseen with normal network traffic,” the report adds.
Non-Western government agencies in Asia and Africa, as well as Ministries of Justice, are among the primary victims of a tool that “can be controlled from anywhere in the world once a computer is actually infected,” stated Vikram Thakur, a technical director with Symantec.
“That’s what raises the bar from malware that we see coming out of groups operating from China,” Thakur added.
“Clearly the actors have been successful in not only conducting campaigns but being able to keep their creation under wraps for well over a decade,” Thakur concluded.