China-linked cyber espionage tool discovered by researchers; We


Researchers at cybersecurity firm Symantec discovered a China-linked cyberespionage tool and worked with the Biden administration to raise the alarm at targets.

Symantec said the Daxin malware is the most advanced malware it has ever seen used by a China-linked cyber attacker. Researchers think it was deployed in a long-running espionage campaign against governments and critical infrastructure targets in the telecommunications, transportation and manufacturing sectors.

“There is strong evidence that malware called Backdoor.Daxin, which allows the attacker to perform various communication and data collection operations on the infected computer, was used by attackers based in China in November 2021,” Symantec researchers said Monday on the company’s blog. “Most of the targets seem to be organizations and governments with China’s strategic interests.”

The Cybersecurity and Infrastructure Security Agency (CISA) said the malware “enables remote actors to communicate with secure devices that are not directly connected to the internet.”

Symantec worked with CISA through the Biden administration’s Joint Cyber Defense Cooperation, which enables tech companies to work with federal agencies to fight hackers, and met with foreign countries about the threat within 48 hours. Symantec’s parent company, Broadcom Software, is a member of the CISA-led collaboration launched last year.

CISA Deputy Director Clayton Romans said that his agency’s work with researchers to warn potential victims of a “highly sophisticated piece of malware” is an example of how public-private partnerships work to stop cyberattackers.

“These types of threats pose a dynamic challenge and require a team effort that CISA is uniquely positioned to enable,” Mr Romans said in a statement. “The more we collaborate, the better we can provide collective defense of critical infrastructure here and abroad.”

While Symantec’s discovery included Daxin’s use in November, the researchers said the computer code was developed much earlier, with the earliest instance of the malware dating to 2013.

Symantec said it detected the link to the China-linked hacking group Slug, also known as Owlproxy, through a cyberattack against an information technology company in 2019.

CISA officials urged those affected by the malware to contact them and the FBI.


