The United States' Cybersecurity and Infrastructure Security Agency (CISA), working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013.

Symantec's threat hunting team has named the malware "Daxin" and described it as "a stealthy backdoor designed for attacks on hardened networks".

The Broadcom-owned security firm says it's found samples of the malware dating back to 2013, and that features present in recent versions were also found in older cuts of the code. Those recent versions of the malware have been associated with "China-linked threat actors".

CISA's advisory about the malware describes it as "a highly sophisticated rootkit backdoor with complex, stealthy command and control functionality that enabled remote actors to communicate with secured devices not connected directly to the internet". The agency asserts that Daxin "appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions".

"In order to do so, it monitors all incoming TCP traffic for certain patterns," Symantec's analysis states. "Whenever any of these patterns are detected, Daxin disconnects the legitimate recipient and takes over the connection. It then performs a custom key exchange with the remote peer, where two sides follow complementary steps."

Once key exchange has been conducted, Daxin opens an encrypted communication channel for receiving commands and sending responses. By hijacking connections, Daxin may evade firewall rules.
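Because the hijack described above rides a port the firewall already permits, the wire traffic on that port stops looking like the service's own protocol. A defender can check for exactly that with a per-port protocol-expectation heuristic; the following is an added Python illustration, not Symantec's or CISA's detection logic, and the port expectations, the trigger bytes and the sample sessions are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class Session:
    src: str
    dst_port: int
    client_first: bytes  # first payload bytes sent by the client
    server_first: bytes  # first payload bytes sent by the server, b"" if none

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Assumed per-port expectation: (client opening predicate, server opening predicate).
EXPECTED = {
    80:  (lambda c: c.startswith(HTTP_METHODS), lambda s: s.startswith(b"HTTP/")),
    443: (lambda c: c[:2] == b"\x16\x03",       lambda s: s[:2] == b"\x16\x03"),
    22:  (lambda c: c.startswith(b"SSH-"),      lambda s: s.startswith(b"SSH-")),
}

def protocol_mismatch(sess: Session) -> bool:
    """True when either side's opening bytes do not fit the port's protocol."""
    rule = EXPECTED.get(sess.dst_port)
    if rule is None:
        return False  # no expectation recorded for this port: cannot judge
    client_ok, server_ok = rule
    return not (client_ok(sess.client_first) and server_ok(sess.server_first))

def flag_sessions(sessions: List[Session]) -> List[Session]:
    """Return the sessions whose opening exchange does not match the service."""
    return [s for s in sessions if protocol_mismatch(s)]

# Constructed sample sessions (TEST-NET addresses, not real captures).
SAMPLE = [
    Session("203.0.113.5", 80, b"GET /index.html HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"),
    Session("203.0.113.9", 443, b"\x16\x03\x01\x00\xc8\x01", b"\x16\x03\x03\x00\x5a\x02"),
    # Hypothetical trigger bytes on port 80, answered by something that is not HTTP:
    # the legitimate web server never saw this connection.
    Session("198.51.100.7", 80, b"\x00\x00\x13\x37TRIGGER", b"\x01\x02\x03\x04\x05\x06"),
    # Valid-looking TLS client hello, but the server side answered with non-TLS bytes.
    Session("198.51.100.8", 443, b"\x16\x03\x01\x00\xc8\x01", b"\x00\x00\xab\xcd"),
]

if __name__ == "__main__":
    for s in flag_sessions(SAMPLE):
        print(f"protocol mismatch on port {s.dst_port} from {s.src}")
```

Only ports with a registered expectation are judged; an unregistered port is left unflagged rather than guessed at.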