Daxin (spyware)
Daxin is a sophisticated piece of malware identified as a Remote Access Trojan (RAT) that was discovered in 2021. It is believed to have been used in a long-running espionage campaign targeting organizations and government entities, primarily in Russia and China, for over a decade prior to its discovery. Daxin is characterized by its stealthy operation, advanced technical capabilities, and its ability to deeply infiltrate targeted systems.
Key features of Daxin include:
- Kernel-Level Rootkit: Daxin operates as a kernel-level rootkit, giving it privileged access to the operating system and allowing it to hide its presence from typical security tools and user-level applications. This makes detection and removal particularly challenging.
- Passive Backdoor: Unlike many RATs, Daxin operates as a passive backdoor. It does not actively beacon out to a command-and-control server but rather waits for specific "magic packets" or signals to be sent to it. This reduces network traffic and makes it more difficult to detect through network monitoring.
- Inter-Node Communication: Daxin possesses the ability to communicate directly between infected systems within a network, creating a peer-to-peer network of compromised machines. This allows for lateral movement and data exfiltration even if individual systems are not directly connected to the internet.
- Custom Protocols: Daxin employs custom communication protocols for inter-node communication and data transfer, further obscuring its activity and evading standard network security measures.
- Memory-Resident Operation: Daxin primarily operates in memory, minimizing its footprint on the hard drive and reducing the likelihood of detection by file-based antivirus scans.
Attribution for the creation and deployment of Daxin is complex and remains under investigation. Security researchers believe that the malware's sophistication suggests it was developed and used by a nation-state actor with significant resources and technical expertise.
The discovery of Daxin underscores the increasing sophistication of modern malware and the challenges involved in defending against advanced persistent threats (APTs). The combination of rootkit capabilities, passive operation, and inter-node communication makes Daxin a particularly dangerous and effective espionage tool.