
Daxin Malware

Daxin is being described as the most advanced piece of malware yet attributed to China-backed threat actors. Details of the threat were published in a report by security researchers. According to their findings, Daxin stayed under the radar for nearly a decade: the earliest identified samples date from 2013, while the most recent attack operations involving it took place in November 2021.

At its core, Daxin is a backdoor implant that gives the attackers the ability to carry out a wide range of intrusive actions on infected devices. The apparent goal of the operators, however, is data gathering. Targets are carefully selected from a range of industries and sectors, including telecommunications, transportation and manufacturing, and government organizations have also been hit. A common characteristic of the chosen entities is that they already have robust network and cybersecurity protections in place, which is consistent with an implant built around stealth rather than volume.

Daxin is designed to operate as a Windows kernel driver. One of its notable strengths is lateral movement: with a single command issued from outside, the operators can hop from one compromised system to another within the network, reaching hosts deeper inside the environment. To remain unnoticed, Daxin does not open any new network services or initiate connections that could look suspicious. Instead, it hooks into legitimate TCP/IP services that the machine already exposes and watches incoming traffic for specific patterns; when it recognizes one as a valid command, it takes over that connection and uses it as its command channel. For defenders this means that listening-port inventories and port-scan baselines will look normal on an infected host; detection has to focus on what actually flows over existing ports, and on the kernel drivers that are loaded. It should also be noted that nearly all of the threat's advanced features were already present in its earliest versions, which points to the skill and foresight of its creators.
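Because Daxin rides on services the host already exposes rather than opening a port of its own, one practical detection angle is protocol mismatch: a connection to a well-known port whose first client bytes are not the protocol that port is supposed to carry. The following is an added example written for this page, not code from the report or from the malware itself; it runs a minimal protocol-signature check over a handful of constructed flow records, and the magic bytes in the sample are invented placeholders, since the page does not give Daxin's actual trigger pattern.

```python
"""Flag TCP flows whose first client payload does not fit the protocol expected
on the destination port. Sample flows and "magic" bytes are constructed for
illustration; they are not Daxin captures."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Flow:
    src: str            # client address
    dst: str            # server address on the monitored network
    dport: int          # destination port
    first_payload: bytes  # first client->server bytes seen on the connection


def _looks_like_http(b: bytes) -> bool:
    # An HTTP request starts with a method token followed by a space.
    return b.split(b" ", 1)[0] in {
        b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


def _looks_like_tls(b: bytes) -> bool:
    # TLS handshake record: content type 0x16, major version 0x03.
    return len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03


def _looks_like_ssh(b: bytes) -> bool:
    # SSH clients send their identification string first.
    return b.startswith(b"SSH-")


# Assumption: minimal leading-byte signatures for a few well-known ports.
EXPECTED: Dict[int, Callable[[bytes], bool]] = {
    80: _looks_like_http,
    443: _looks_like_tls,
    22: _looks_like_ssh,
}


def is_protocol_mismatch(flow: Flow) -> bool:
    """True when the port has a known protocol and the first bytes violate it.
    Ports without a signature, and empty payloads, are not judged."""
    check = EXPECTED.get(flow.dport)
    if check is None or not flow.first_payload:
        return False
    return not check(flow.first_payload)


def find_suspicious(flows: List[Flow]) -> List[Flow]:
    """Return flows that would merit a closer look on a Daxin-style host."""
    return [f for f in flows if is_protocol_mismatch(f)]


# Constructed sample: two benign flows per host, two with unexpected
# leading bytes on well-known ports, one on a port with no signature.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.20", 80, b"GET /index.html HTTP/1.1\r\n"),
    Flow("10.0.0.5", "10.0.0.20", 443, b"\x16\x03\x01\x00\xa5\x01\x00"),
    Flow("203.0.113.7", "10.0.0.20", 80, b"\x9a\x7c\x00\x00MAGIC"),   # invented
    Flow("203.0.113.7", "10.0.0.21", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("203.0.113.7", "10.0.0.21", 443, b"\x01\x02\x03\x04"),        # invented
    Flow("10.0.0.5", "10.0.0.22", 8080, b"anything goes here"),      # no signature
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_FLOWS):
        print(f"suspicious: {f.src} -> {f.dst}:{f.dport} "
              f"first bytes {f.first_payload[:8]!r}")
```

In a real deployment the flow records would come from a sensor such as a network tap or NetFlow-with-payload export, and the signature table would need to cover every service the host legitimately exposes; the point of the check is that a hijacked listener is only visible in the content of the first bytes, not in the port list.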
