Threat Awareness – APT Actors Deploying Daxin Malware in Global Espionage Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) has shared Broadcom Software’s threat advisory warning that an advanced persistent threat (APT) campaign using the Daxin malware has targeted multiple government and other critical infrastructure targets. Daxin malware, according to CISA, “is a highly sophisticated rootkit backdoor with complex, stealthy command and control (C2) functionality that enabled remote actors to communicate with secured devices not connected directly to the internet.” Daxin is likely meant for use against hardened targets, allowing threat actors to deeply infiltrate a targeted network and exfiltrate data without raising suspicions. CISA urges organizations to review Broadcom’s advisory Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks for more information and for a list of indicators of compromise that may aid in the detection of this activity. Partners are encouraged to report incidents related to this activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 o or Cy*****@*bi.gov. Read more at CISA.