As reported by The Hacker News, an advanced malware known as Daxin, previously linked to a China-affiliated threat actor, has reappeared after over four years. The malware was discovered within a Taiwan-based manufacturing firm, accompanied by a newly identified backdoor named Stupig, according to an analysis by the Symantec and Carbon Black Threat Hunter Team.The kernel-mode rootkit, Daxin, first documented in March 2022, was found operating on a compromised host in Taiwan in 2026. This host belonged to a subsidiary of a multinational high-tech manufacturer and was also infected with Stupig, a backdoor disguised as a legitimate Microsoft DLL. Stupig employs a novel technique, allowing attackers to execute commands with System privileges directly from the Windows logon screen before any user signs in, bypassing standard audit logs. Although no direct code overlap exists between Daxin and Stupig, their co-deployment, complementary functions, and identical 2013 compilation timestamps suggest a common origin.Daxin utilizes a stealthy command-and-control method by hijacking legitimate network connections, making it difficult to detect with conventional monitoring. The intrusion is suspected to have exploited an outdated Digiwin single sign-on portal using legacy Java Development Kit versions. The discovery indicates that the cyber espionage operation has maintained stealthy persistence, highlighting the evolving tactics of sophisticated threat actors.Source: The Hacker News




