In February 2022, cybersecurity company Symantec linked a long-running global cyberespionage campaign to a Chinese threat actor. Using a piece of malware called Daxin, the hackers were able to infiltrate “hardened networks,” notably government systems and critical infrastructure facilities “of strategic interest to China,” as recently as November 2021. Symantec assessed that Daxin was “the most advanced piece of malware” developed by a China-linked actor to date. The malware had similar features to cyber tools used by Western intelligence and allowed the attackers to “burrow deep into a target’s network and exfiltrate data without raising suspicions.” Symantec researchers are working alongside the U.S. Cyber Security and Infrastructure Agency, as well as engaging with impacted foreign governments, to detect and remediate the effects of the malware.
China-linked hackers use advanced malware to attack government networks