Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities.
According to a technical report published by Symantec's Threat Hunter team today, Daxin is one of the most advanced backdoors ever seen deployed by Chinese actors.
One point of differentiation is Daxin's form: it is implemented as a Windows kernel driver, an atypical choice in the malware landscape. Its stealth comes from its advanced communication features, which blend its data exchange into regular internet traffic.
"Daxin is, without doubt, the most advanced piece of malware Symantec researchers have seen used by a China-linked actor," Symantec said in a new report.
"Considering its capabilities and the nature of its deployed attacks, Daxin appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target’s network and exfiltrate data without raising suspicions."
Hiding in legitimate network traffic
Backdoors provide threat actors with remote access to a compromised computer system, allowing them to steal data, execute commands, or download and install further malware.