Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
Overview
Daxin, an advanced malware linked to a Chinese threat actor, has been detected again after a four-year gap, this time within a manufacturing firm in Taiwan. This kernel-mode rootkit, identified as 'srt64.sys', was first reported by Symantec in March 2022. Alongside Daxin, researchers have also discovered a new backdoor called Stupig, which has not been previously documented. The resurgence of Daxin raises concerns about targeted attacks on critical infrastructure, particularly in sectors like manufacturing that are vital to the economy. Organizations in Taiwan and similar industries need to be vigilant and reassess their cybersecurity measures to protect against these sophisticated threats.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Daxin malware, Stupig backdoor, Taiwan manufacturing firms
- Action Required: Organizations should enhance their network security protocols and consider implementing advanced threat detection systems.
- Timeline: Ongoing since 2022
Original Article Summary
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin ("srt64.sys"), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted attacks aimed
Impact
Daxin malware, Stupig backdoor, Taiwan manufacturing firms
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Ongoing since 2022
Remediation
Organizations should enhance their network security protocols and consider implementing advanced threat detection systems. Regular system updates and employee training on phishing and social engineering tactics are recommended.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Malware, Critical, Symantec.