An advanced malware linked to a China-based threat actor has resurfaced after four years in a Taiwan manufacturing firm, alongside a new backdoor called Stupig. The kernel-mode rootkit Daxin and its stealthy companion signal evolving threats.
It's been a quiet few years for Daxin, a nasty piece of kernel-mode malware that first made headlines back in 2022. But now, it's back. And it didn't come alone.
Security researchers recently spotted Daxin inside a Taiwan-based manufacturing firm, marking its first known appearance in over four years. Alongside it, they uncovered a brand-new backdoor they've named Stupig. This isn't just a routine threat report—it's a reminder that some digital ghosts never really go away.
### What Is Daxin, and Why Should You Care?
Daxin (also known by its driver name "srt64.sys") is a kernel-mode rootkit. That's a fancy way of saying it burrows deep into the core of your operating system, making it incredibly hard to detect or remove. Think of it like a burglar who not only breaks into your house but also rewires your security system to ignore them.
Originally documented by Broadcom-owned Symantec back in March 2022, Daxin was used in targeted attacks against specific organizations. At the time, it was linked to a threat actor believed to be based in China. Now, after years of silence, it's popped up again—this time inside a manufacturing company in Taiwan.
### The New Player: Stupig Backdoor
What makes this resurgence even more concerning is the discovery of Stupig, a previously unreported backdoor that appeared alongside Daxin. Backdoors are like secret tunnels into a system. Once installed, they let attackers come and go as they please, often without leaving a trace.
Here's what we know about Stupig so far:
- It appears to be a pre-login backdoor, meaning it can activate even before a user logs into the system.
- It's designed to maintain persistent access, so even if the primary malware is removed, the attacker still has a foothold.
- Its exact capabilities are still being analyzed, but early reports suggest it's highly stealthy.
Pairing a rootkit like Daxin with a backdoor like Stupig creates a nightmare scenario for security teams. You're not just dealing with one threat—you're dealing with a coordinated attack that's designed to survive cleanup efforts.
### Why This Matters for Businesses Today
You might be thinking, "This sounds like something only big corporations or government agencies need to worry about." And sure, those are the typical targets. But here's the thing: threat actors are getting smarter. They don't just go after obvious targets anymore. They follow the path of least resistance, which often leads through smaller suppliers, contractors, or partners.
If you're in manufacturing, logistics, or any industry that relies on interconnected systems, this is a wake-up call. A breach at one company can ripple through the entire supply chain.
### What Can You Do to Protect Yourself?
Look, no one can guarantee 100% protection. But there are steps you can take to make yourself a harder target:
- Keep your systems updated. Outdated software is like leaving your front door unlocked.
- Monitor for unusual kernel-level activity. If something's running at the system level that shouldn't be, investigate.
- Use network segmentation. Don't let every part of your network talk to every other part.
- Train your team. Many attacks start with a simple phishing email.
### The Bottom Line
The reappearance of Daxin alongside Stupig is a stark reminder that cyber threats don't retire. They evolve. They wait. And sometimes, they come back stronger than before.
For security professionals, this is a call to stay vigilant. For everyone else, it's a reason to take your digital defenses seriously. Because in the world of cybersecurity, the quiet periods are often just the calm before the next storm.