Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
Summary
The Daxin kernel-mode rootkit, linked to a China-affiliated threat actor, has reappeared after more than four years, infecting a manufacturing firm in Taiwan. Alongside Daxin, a new, previously unknown backdoor named Stupig has also been discovered.
IFF Assessment
The reappearance of advanced malware like Daxin and the discovery of a new backdoor indicate ongoing sophisticated threats from nation-state-linked actors, posing a significant risk to organizations.
Defender Context
This resurgence highlights the persistence of advanced threat actors and their ability to develop and deploy sophisticated malware, including rootkits and backdoors. Defenders should remain vigilant for signs of Daxin and Stupig, and strengthen their defenses against kernel-mode malware and sophisticated persistent threats, particularly those originating from nation-state actors.