In August 2021, the Cybersecurity and Infrastructure Security Agency (CISA) established the Joint Cyber Defense Collaborative (JCDC), a public-private cybersecurity information sharing partnership whose purpose is to unify defensive actions and drive down risk in advance of cyber incidents occurring. Now, one JCDC member, American cybersecurity software company Symantec, has discovered a never-before-seen hacking tool that has been successfully hiding for over a decade.

In its research report, Symantec calls the tool Daxin and describes it as the most advanced piece of malware Symantec researchers have seen.

Based on instances where components of the tool were combined with known Chinese hacking infrastructure, it’s almost certain that Daxin has originated from China. What’s more, the computers on which Daxin was discovered were also infected with other tools Chinese espionage actors are known to use.

“The malware appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” explains Symantec’s Treat Hunter Team. “Most of the targets appear to be organizations and governments of strategic interest to China”.

Daxin allows attackers to perform various communications and data-gathering operations, and it appears to be optimized to perform especially well against hardened targets that can withstand less sophisticated attacks.

Also Read: How To Change Your Wi-Fi Password To Keep Intruders At Bay

“Daxin can be controlled from anywhere in the world once a computer is actually infected” said Vikram Thakur, a technical director with Symantec. “That’s what raises the bar from malware that we see coming out of groups operating from China”.

Since the initial discovery of Daxin, the U.S. government has shared the information with foreign partners to collectively stop the tool from spreading from country to country and from network to network.

So far, no organization in the United States has been infected by Daxin, but previous experience with malware like NotPetya, which was created by Russia to attack Ukrainian infrastructure, tells us that heightened caution is appropriate.