US warns that Chinese hackers have their "most advanced" backdoor

2025-05-17 19:19 Source: this site

Researchers have found an "old" piece of Chinese malware in the wild that is able to evade advanced threat-detection solutions.

Experts at Symantec have published a report detailing their findings on Daxin, which the company describes as the "most advanced piece of malware" it has had the opportunity to observe.

The team says Daxin is a stealthy backdoor designed to gain control of hardened corporate networks and exfiltrate data from them.


  Finally spotted

According to the report, Daxin was created by Slug, also known as Owlproxy, a threat actor with ties to the Chinese government. It was first spotted in 2013, and even a decade ago it was already capable of evading detection by state-of-the-art antivirus solutions.

It lay dormant until late 2019 (or security professionals were simply unable to detect it, which is also highly likely), when it re-emerged, targeting telecommunications, transportation, and manufacturing companies throughout 2020 and 2021.

What makes Daxin stand out from other malware is its atypical form and the way it hides its communications with the C2 server. The malware is described as a Windows kernel driver that watches network traffic for specific patterns. Once it spots such a pattern, it hijacks the legitimate TCP connection and uses it to send out data and receive further instructions.


"Considering its capabilities and the nature of its deployed attacks, Daxin appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target's network and exfiltrate data without raising suspicions," Symantec said.

"Daxin's use of hijacked TCP connections affords a high degree of stealth to its communications and helps to establish connectivity on networks with strict firewall rules. It may also lower the risk of discovery by SOC analysts monitoring for network anomalies."

Another thing that makes Daxin particularly dangerous is its ability to build complex communication channels across multiple endpoints, which lets it persist on highly protected networks.

Symantec did not name the organizations the group targeted this time.
