A sophisticated network attack tool, dubbed Daxin, has been discovered installing stealthy backdoors. It is believed to be associated with Chinese threat actors and may have been in use for about a decade.
The Daxin network tool is built specifically for attacking well-secured networks, enabling threat actors to move deep inside the targeted environment and steal data.
Moreover, researchers explained that Daxin is a rootkit backdoor with a complex and stealthy command-and-control capability that lets remote threat actors communicate with secured devices that have no direct link to the internet.
Similar Daxin samples were found as far back as 2013, and researchers noted that the recent version shares much of its code with those older builds, which were also linked to Chinese threat actors.
Based on the reports, Daxin can build a communication channel across several compromised devices: the threat operators send a single message listing which nodes they want to hop through, and the traffic is relayed along that chain.
The tool can also send raw network packets through a local network adapter and track the resulting network flows so that any response packets are collected and forwarded back to the remote threat actors.
Furthermore, the tool deploys hard-to-detect communication components that allow a remote threat actor to reach whichever backdoor features they need.
The researchers also observed that the tool is deployed disguised as a Windows kernel driver and hijacks legitimate IP connections: it monitors incoming TCP traffic for specific patterns, drops the connection from the genuine recipient's point of view, and takes over the connection itself.
Lastly, Daxin can open an encrypted communication channel to receive instructions and deploy responses.
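A defender-side check suggested by the connection-hijacking behaviour described above, added here as an example that is not part of the original article or of any published Daxin analysis. It assumes (and this is an assumption, not a documented property of the malware) that a kernel-level takeover of a service's port can show up as an established connection whose owning PID differs from the PID that holds the listening socket, and it parses a constructed sample in the layout of `netstat -ano` output on Windows.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of `netstat -ano` (not real capture data).
# PID 1234 is assumed to be the legitimate web server, PID 812 the RDP service.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1234
  TCP    10.0.0.5:443           198.51.100.20:50211    ESTABLISHED     1234
  TCP    10.0.0.5:443           203.0.113.7:51234      ESTABLISHED     4
  TCP    10.0.0.5:443           203.0.113.9:51300      ESTABLISHED     0
  TCP    10.0.0.5:3389          198.51.100.21:50301    ESTABLISHED     812
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       812
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Parse TCP rows of netstat-style text into dicts; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows


def find_suspect_connections(rows):
    """Flag ESTABLISHED connections on a listening port that the listener's
    own process does not own. Legitimate kernel-mode listeners (e.g. http.sys)
    show the same PID on both the LISTENING and ESTABLISHED rows, so they are
    not flagged; only a mismatch or a missing owner (PID 0) is reported."""
    listeners = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING":
            listeners[r["lport"]].add(r["pid"])
    suspects = []
    for r in rows:
        if r["state"] != "ESTABLISHED" or r["lport"] not in listeners:
            continue
        if r["pid"] in listeners[r["lport"]]:
            continue  # owned by the service that listens on this port
        owners = sorted(listeners[r["lport"]])
        reason = ("no owning process" if r["pid"] == 0
                  else f"owned by pid {r['pid']}, listener is pid(s) {owners}")
        suspects.append((r["lport"], r["raddr"], r["rport"], reason))
    return suspects
```

Run the heuristic against a live `netstat -ano` capture and treat each hit as a lead to confirm with a kernel-level inspection, not as proof of compromise.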
Daxin has some of the most complex functionality experts have seen in China-linked malware. There is an immediate need for a dynamic approach to security, alongside continuous research and regular upgrades to security measures.
Organizations are advised to consult the published indicators of compromise (IOCs), which may help them detect this malicious activity in their networks.