The tool was designed for attacks against hardened networks in espionage campaigns against select governments and other critical infrastructure targets.
Researchers at Symantec claim to have discovered a highly sophisticated tool, likely the most advanced ever to be linked with threat actors with ties to China.
“It’s something we haven’t seen before. This is the exact type of information we’re hoping to receive,” Clayton Romans, associate director with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told Reuters.
Researchers claim there’s strong evidence to suggest that the malware, dubbed Backdoor.Daxin, has been used as recently as November 2021 by attackers linked to China.
“Considering its capabilities and the nature of its deployed attacks, Daxin appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target’s network and exfiltrate data without raising suspicions,” claim the authors of the report.
Worryingly, the hacking tool has escaped public attention for a decade. The report’s authors say that the earliest sample of the malware dates to 2013 and includes features seen in the most recent variants.
The findings suggest that the attackers were already well established by 2013, with Daxin features reflecting their expertise at the time.
“Clearly the actors have been successful in not only conducting campaigns but being able to keep their creation under wraps for well over a decade,” Vikram Thakur, a technical director with Symantec, told Reuters.