“How China built a one-of-a-kind cyber-espionage behemoth to last”
MIT Technology Review, February 28, 2022
by Patrick Howell O’Neill
“A decade-long quest to become a cyber superpower is paying off for China.”
The “most advanced piece of malware” that China-linked hackers have ever been known to use was revealed today. Dubbed Daxin, the stealthy back door was used in espionage operations against governments around the world for a decade before it was caught.
But the newly discovered malware is no one-off. It’s yet another sign that a decade-long quest to become a cyber superpower is paying off for China. While Beijing’s hackers were once known for simple smash-and-grab operations, the country is now among the best in the world thanks to a strategy of tightened control, big spending, and an infrastructure for feeding hacking tools to the government that is unlike anything else in the world.
This change has been going on for years, driven right from the very top. Soon after he ascended to power, President Xi Jinping began a reorganization of China’s military and intelligence agency, which prioritized cyberwarfare and initiated a “fusion” of military and civilian organizations geared toward boosting the nation’s cyber capabilities.
The results are new tools and tactics that have rapidly become more sophisticated and ambitious over the past decade. For example, Chinese government hackers have exploited more powerful zero-day vulnerabilities—previously undiscovered weaknesses in technology for which there is no known defense—than any other nation, according to congressional testimony from Kelli Vanderlee, an intelligence analyst at the cybersecurity firm Mandiant. Research shows that Beijing exploited six times as many such powerful vulnerabilities in 2021 as in 2020.
China’s offensive cyber capabilities “rival or exceed” those of the United States, said Winnona DeSombre, a research fellow at the Harvard Belfer Center, in congressional testimony on China’s cyber capabilities on February 17. “And its cyber defensive capabilities are able to detect many US operations—in some cases turning our own tools against us.”
Daxin is just the latest powerful tool linked to China over the past year. It works by hijacking legitimate connections to hide its communications in normal network traffic. The result provides stealth and, on highly secure networks where direct internet connectivity is impossible, allows hackers to communicate across infected computers. The researchers who discovered it, from the cybersecurity firm Symantec, compare it to advanced malware they’ve seen that’s been linked to Western intelligence operations. It’s been in use at least as recently as November 2021.
About the Author:
Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. He covers national security, election security and integrity, geopolitics, and personal security: How is cyber changing the world? Before joining the publication, he worked at the Aspen Institute and CyberScoop covering cybersecurity from Silicon Valley and Washington DC.
- “Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign” CISA, February 28, 2022.