Security researchers together with U.S. cybersecurity firm Symantec said they have found a “highly sophisticated” Chinese hacking tool that has been able to escape public attention for more than a decade, reported Reuters.
The information was shared with the U.S. government in recent months, and the government has passed it on to foreign partners, a U.S. official said. On Monday Symantec, a division of chipmaker Broadcom, published its research about the tool, which it calls Daxin. Clayton Romans, associate director at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said:
“It’s something we haven’t seen before. This is the exact type of information we’re hoping to receive.”
Alongside the new research paper, CISA highlighted Symantec’s membership in a joint public-private cybersecurity information-sharing partnership known as the JCDC. The Joint Cyber Defense Collaborative includes the FBI, the National Security Agency, and several U.S. technology companies that share intelligence about active cyberattacks with one another.
Chinese officials have previously said that China is itself a victim of hacking and opposes all forms of cyberattacks. The Chinese embassy in Washington did not respond to a request for comment. Neil Jenkins, chief analytics officer at the Cyber Threat Alliance, said:
“The capabilities of this malware are remarkable and would be extremely difficult to detect without this public research.”
Moreover, according to Vikram Thakur, a technical director at Symantec, the company’s attribution to China is based on instances in which components of Daxin were used alongside other known Chinese-linked hacking infrastructure or cyberattacks.
Symantec researchers said the discovery of Daxin was noteworthy because of the scale of the intrusions and the advanced nature of the tool. The research report reads:
“The most recent known attacks involving Daxin occurred in November 2021. Daxin’s capabilities suggest the attackers invested significant effort into developing communication techniques that can blend in unseen with normal network traffic.”
Daxin’s victims included high-level, non-Western government agencies in Asia and Africa, including Ministries of Justice, Thakur added.
“Daxin can be controlled from anywhere in the world once a computer is actually infected. That’s what raises the bar from malware that we see coming out of groups operating from China.”
Romans said he was not aware of affected organizations in the United States, but that there were infections around the globe and the U.S. government was working to notify the affected organizations, Reuters concluded.