US to warn allies on newly-found Chinese hacking tool

12:12 PM February 28, 2022

Security researchers with U.S. cybersecurity firm Symantec said they have discovered a “highly sophisticated” Chinese hacking tool that has been able to escape public attention for more than a decade.

The discovery was shared in recent months with the U.S. government, which has shared the information with foreign partners, said a U.S. official. Symantec, a division of chipmaker Broadcom, published its research about the tool, which it calls Daxin, on Monday.

“It’s something we haven’t seen before,” said Clayton Romans, associate director with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). “This is the exact type of information we’re hoping to receive.”

On Monday, alongside the new research paper, CISA was announcing Symantec’s inclusion in a joint public-private cybersecurity information-sharing partnership known as the JCDC.

The JCDC, or Joint Cyber Defense Collaborative, is a collective of government defense agencies, including the FBI and National Security Agency, and 22 U.S. technology companies that share intelligence about active cyberattacks with one another.

The Chinese embassy in Washington did not respond to a request for comment. Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyber attacks.

Symantec’s attribution to China is based on instances where components of Daxin were combined with other known, Chinese-linked computer hacker infrastructure or cyberattacks, said Vikram Thakur, a technical director with Symantec.

Symantec researchers said the discovery of Daxin was noteworthy because of the scale of the intrusions and the advanced nature of the tool.

“The most recent known attacks involving Daxin occurred in November 2021,” the research report reads. “Daxin’s capabilities suggest the attackers invested significant effort into developing communication techniques that can blend in unseen with normal network traffic.”

Daxin’s victims included high-level, non-western government agencies in Asia and Africa, including Ministries of Justice, Thakur added.

“Daxin can be controlled from anywhere in the world once a computer is actually infected,” said Thakur. “That’s what raises the bar from malware that we see coming out of groups operating from China.”

Romans said he did know of affected organizations in the U.S., but there were infections all around the globe, which the U.S. government was helping to notify.

“Clearly the actors have been successful in not only conducting campaigns but being able to keep their creation under wraps for well over a decade,” said Thakur.

(Reporting by Christopher Bing; Editing by Nick Zieminski)
