Does Your Hardened Network Keep The Bad Guys From Daxin In?


The Threat Hunter Team at Symantec, working jointly with CISA, has identified an APT campaign against select government agencies and critical infrastructure targets using a highly sophisticated rootkit backdoor named Daxin.

Daxin is a rootkit backdoor whose command-and-control functionality lets it reach not only devices with internet access but also devices with limited or no internet access. By hijacking existing TCP connections, Daxin builds a multi-node communications channel that can span multiple networks and gives attackers access to machines deep inside highly secured environments. Daxin abuses services already running on the device rather than creating new ones. Combined with the hijacking of normal, already established TCP traffic, this makes Daxin a stealthy tool for transmitting commands and exfiltrating data from deep within a network.

This attack methodology makes network segmentation more important than ever.
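The multi-node channel described above leaves a network-layer trace even when the host-side rootkit is hidden: a relay host receives a connection from one segment and, shortly afterwards, opens a connection into another segment, and the pattern repeats hop by hop. The following is an added example written for this post, not code from Symantec, CISA or the Daxin analysis: a small heuristic that walks constructed flow records and reports chains of cross-segment hops that occur within a short time window. The segment layout, the flow records, the 30-second window and the two-hop minimum are all constructed assumptions for the example; the heuristic is a generic relay-chain detector, not a documented Daxin signature.

```python
"""Flag relay-style hop chains across network segments in flow records.

Heuristic (an assumption for this example, not a Daxin-specific signature):
a host that is the destination of a cross-segment connection and, within a
short window, becomes the source of another cross-segment connection may be
relaying traffic. Chains of two or more such hops are reported.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segment map: anything outside these ranges is treated as
# "external" (segment None), which counts as a distinct segment.
SEGMENTS = [
    ip_network("10.1.0.0/16"),  # DMZ / internet-facing
    ip_network("10.2.0.0/16"),  # corporate
    ip_network("10.3.0.0/16"),  # restricted / OT
]


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since start of capture
    src: str
    dst: str
    dport: int


def segment_of(ip: str):
    """Return the index of the segment containing ip, or None if external."""
    addr = ip_address(ip)
    for idx, net in enumerate(SEGMENTS):
        if addr in net:
            return idx
    return None


def _crosses(f: Flow) -> bool:
    """True when source and destination sit in different segments."""
    return segment_of(f.src) != segment_of(f.dst)


def _has_predecessor(f: Flow, cross, window: float) -> bool:
    """True if some earlier cross-segment flow reached f.src within the window."""
    return any(g.dst == f.src and 0 < f.ts - g.ts <= window for g in cross)


def find_relay_chains(flows, window: float = 30.0, min_hops: int = 2):
    """Return maximal hop chains as host lists, e.g. [A, B, C] for A->B->C.

    Each hop must cross a segment boundary and start within `window` seconds
    after the previous hop reached the relaying host. Hosts are not revisited.
    """
    cross = sorted((f for f in flows if _crosses(f)), key=lambda f: f.ts)
    chains = []

    def extend(chain):
        last = chain[-1]
        seen = {h.src for h in chain} | {last.dst}
        nexts = [n for n in cross
                 if n.src == last.dst
                 and 0 < n.ts - last.ts <= window
                 and n.dst not in seen]
        if not nexts:
            if len(chain) >= min_hops:
                chains.append([chain[0].src] + [h.dst for h in chain])
            return
        for n in nexts:
            extend(chain + [n])

    # Start only from chain roots so sub-chains are not reported twice.
    for f in cross:
        if not _has_predecessor(f, cross, window):
            extend([f])
    return chains


# Constructed sample flows: one three-hop relay chain from an external host
# into the restricted segment, plus benign noise that must not be flagged.
SAMPLE_FLOWS = [
    Flow(0.0,   "203.0.113.10", "10.1.0.5",  443),   # external -> DMZ
    Flow(3.0,   "10.1.0.20",    "10.1.0.21", 80),    # same segment, ignored
    Flow(5.0,   "10.1.0.5",     "10.2.0.7",  445),   # DMZ -> corporate (hop)
    Flow(12.0,  "10.2.0.7",     "10.3.0.9",  3389),  # corporate -> OT (hop)
    Flow(100.0, "10.2.0.30",    "10.3.0.31", 443),   # lone cross-segment flow
    Flow(200.0, "10.3.0.9",     "10.1.0.50", 443),   # outside the window
]

if __name__ == "__main__":
    for chain in find_relay_chains(SAMPLE_FLOWS):
        print(" -> ".join(chain))
```

Run against the constructed records, the detector reports a single chain, 203.0.113.10 -> 10.1.0.5 -> 10.2.0.7 -> 10.3.0.9, and ignores the same-segment flow, the isolated cross-segment flow and the late flow. On real flow data the window and segment map would need tuning, and hits are a starting point for investigation rather than a verdict; the value of the check is that it does not depend on seeing the rootkit on the endpoint.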

CISA’s report of the campaign can be found here: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/28/broadcom-software-discloses-apt-actors-deploying-daxin-malware

Symantec’s blog post outlining the attack including known IOCs can be found here: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
