🟠 High  |  Source: The Hacker News


Daxin, a sophisticated kernel-mode rootkit previously linked to Chinese state-sponsored threat actors, has reappeared at a Taiwanese manufacturing firm over four years after its initial public disclosure. Alongside it, researchers discovered a previously undocumented backdoor called Stupig, capable of operating before user login at SYSTEM-level privileges. The combination represents a highly capable, stealthy intrusion toolkit likely used for long-term espionage within critical industrial environments.

Security Architect’s Take: Review endpoint detection coverage for kernel-mode drivers — particularly unsigned or anomalous kernel modules such as ‘srt64.sys’ — and ensure EDR solutions are configured to alert on pre-boot and pre-login persistence mechanisms. Manufacturing and OT-adjacent environments should audit privileged access paths and verify integrity of kernel drivers as a priority given this threat actor’s targeting pattern.

Original advisory: Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor