
New Chinese Hacking Tool Found, Spurring US Warning To Allies (reuters.com)

Security researchers with U.S. cybersecurity firm Symantec said they have discovered a "highly sophisticated" Chinese hacking tool that has been able to escape public attention for more than a decade. Reuters reports: The discovery was shared with the U.S. government in recent months, which has shared the information with foreign partners, said a U.S. official. Symantec, a division of chipmaker Broadcom, published its research about the tool, which it calls Daxin, on Monday. "It's something we haven't seen before," said Clayton Romans, associate director with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). "This is the exact type of information we're hoping to receive."

CISA highlighted Symantec's membership in a joint public-private cybersecurity information sharing partnership, known as the JCDC, alongside the new research paper. The JCDC, or Joint Cyber Defense Collaborative, is a collective of government defense agencies, including the FBI and National Security Agency, and 22 U.S. technology companies that share intelligence about active cyberattacks with one another. Symantec's attribution to China is based on instances where components of Daxin were combined with other known, Chinese-linked computer hacker infrastructure or cyberattacks, said Vikram Thakur, a technical director with Symantec. [...] "Daxin can be controlled from anywhere in the world once a computer is actually infected," said Thakur. "That's what raises the bar from malware that we see coming out of groups operating from China."

  • What are the components of it and what does it do? Which operating systems does it run on?
    • It's kinda like TeamViewer, but you don't have to install it or deal with the annoying accusations of commercial use by the software. Some of them are OS independent, while others are not. Some will even hide themselves in the firmware code of hardware devices.
    • Better article with lots more details, like how it's a Windows kernel driver...

      https://symantec-enterprise-bl... [security.com]

      Looks like the issue is that it is very stealthy. It doesn't require its own network service to run on each system, instead putting hidden instructions into messages sent to existing services already running on the hosts. Also it only requires communicating with any one machine on the network, which can propagate commands through to the rest of the compromised hosts on the network.

    • by WarlockD ( 623872 ) on Monday February 28, 2022 @11:57PM (#62314135)

      Basically it's a smart kernel driver. It will build a mesh network on non-internet systems till it can find an outside connection. It will piggyback on TCP or any other communication channels (pipe drivers, etc.). Once it finds an open internet connection it will watch for a pattern before it opens up an encrypted channel to get commands. According to the article, you can send a single command to ping all the nodes on the network.

      It's not a new vector per se, but it shows what a real actor can do when they have time and money. This thing can infect something and just sit there for years till activated, or it could be sending live updates from a mail server without anyone being the wiser. I mean, the idea of such a program has existed for a while in fiction; it's just scary to know it's out there and it's been out there for 10 years.

      • by AmiMoJo ( 196126 )

        I find it interesting that there is no evidence of Chinese supply chain attacks, but there is proof of US ones.

        The Chinese government seems to recognize that attacking your own supply chain is going to be catastrophic for exports and getting stuff manufactured in your country.

        The NSA either didn't care or figured that they wouldn't get caught.
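The thread above describes the implant riding on existing TCP services and relaying commands between compromised hosts. As an added defender-side example (not Symantec's detection logic and not code from the article), the script below flags sessions on well-known service ports whose first client bytes do not look like the expected protocol, then pairs suspicious inbound and outbound sessions on the same host as a crude relay signal. The protocol prefixes and all flow records are constructed assumptions for illustration.

```python
"""Hunt for sessions on service ports that do not speak the expected protocol.
Added example; flow records and protocol prefixes are constructed/simplified."""
import re
from dataclasses import dataclass

# Assumed opening bytes of the client side of each protocol (simplified).
PROTO_PREFIX = {
    80: re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) /"),
    25: re.compile(rb"^(EHLO|HELO) ", re.IGNORECASE),
    443: re.compile(rb"^\x16\x03[\x00-\x03]"),  # TLS handshake record header
}

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_client_bytes: bytes
    duration_s: float

def nonconforming(flows):
    """Return flows on a known service port whose first client bytes do not
    match the expected protocol opening (a hijacked legitimate service would
    still show up as a normal port, so the payload shape is what is checked)."""
    out = []
    for f in flows:
        pat = PROTO_PREFIX.get(f.dport)
        if pat is not None and not pat.match(f.first_client_bytes):
            out.append(f)
    return out

def relay_chains(suspects):
    """Among suspicious flows, keep those whose source host itself received a
    suspicious inbound session: a rough indicator of commands being relayed
    from one compromised host to the next."""
    suspicious_hosts = {f.dst for f in suspects}
    return [f for f in suspects if f.src in suspicious_hosts]

# Constructed sample flows: one benign HTTP request, one odd long-lived
# session on port 80, an odd session from that host onward to an SMTP port,
# and a benign SMTP greeting.
FLOWS = [
    Flow("203.0.113.7", "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n", 0.4),
    Flow("203.0.113.9", "10.0.0.5", 80, b"\x8a\x11\x00\xfe\x22\x07", 5400.0),
    Flow("10.0.0.5", "10.0.0.12", 25, b"\x8a\x11\x00\xfe\x22\x07", 3600.0),
    Flow("10.0.0.3", "10.0.0.12", 25, b"EHLO mail.example.test\r\n", 1.0),
]

if __name__ == "__main__":
    for f in relay_chains(nonconforming(FLOWS)):
        print(f"possible relay: {f.src} -> {f.dst}:{f.dport} ({f.duration_s}s)")
```

Real traffic needs per-protocol parsing beyond a first-bytes check, and long session duration on top of a non-conforming opening is the stronger signal.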

    • by Aubz ( 7986666 )
      I wonder whether this is from the NSA or the CIA or perhaps the DIA, or the NRA or just a Microsoft patch gone wrong.
  • Here is a better link with IOCs
    https://symantec-enterprise-bl... [security.com]

  • People are stupid to run Windows.

    • by Anonymous Coward

      People are stupid if they believe only Windows is vulnerable to this type of stuff.

  • Enough with the Neocon cyber BS. You sad excuse for a technology site. If you were a horse you would have been taken out and shot by now!
    • by Shaiku ( 1045292 )

      What are you exasperated about? I don't understand what you think is political about this story.
