[CDP-development] CISA: Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign - TLP:WHITE

Masse, Theresa theresa.masse at cisa.dhs.gov
Mon Feb 28 12:37:49 PST 2022


FYSA

Broadcom Software<https://urldefense.us/v3/__https:/software.broadcom.com/__;!!BClRuOV5cvtbuNI!UHEYGeccVKV16m2M8HtDroGyXyBzWaOnu7WmoetZaW5SXcMzQrQ6GTVttSy92-DCba0aEXQ$>—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)<https://www.cisa.gov/jcdc>—has released (TLP:WHITE) Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks<https://urldefense.us/v3/__https:/symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage__;!!BClRuOV5cvtbuNI!UHEYGeccVKV16m2M8HtDroGyXyBzWaOnu7WmoetZaW5SXcMzQrQ6GTVttSy92-DCIQ9sv3g$>.

The publication uncovers an advanced persistent threat (APT) campaign against select international governments and other critical infrastructure targets. The Symantec Threat Hunter team, part of Broadcom Software, worked with CISA to engage with multiple international governments targeted with Daxin malware and assisted in detection and remediation.

Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command and control (C2) functionality that enables remote actors to communicate with secured devices not connected directly to the internet. Daxin appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions.

CISA Recommendations:

  *   CISA urges organizations to review Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks<https://urldefense.us/v3/__https:/symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage__;!!BClRuOV5cvtbuNI!UHEYGeccVKV16m2M8HtDroGyXyBzWaOnu7WmoetZaW5SXcMzQrQ6GTVttSy92-DCIQ9sv3g$> for more information and for a list of indicators of compromise that may aid in the detection of this activity.

We kindly request any incidents or anomalous activity related to this message be reported to CISA at https://us-cert.cisa.gov/report, Central@cisa.dhs.gov, or (888) 282-0870 and/or to the FBI via your local FBI field office, the FBI’s 24/7 CyWatch at (855) 292-3937, or CyWatch@fbi.gov.


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@cisa.dhs.gov


