Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Daxin Malware Reappears in Taiwan with New Stupig Backdoor

Daxin Malware Reappears in Taiwan with New Stupig Backdoor

Posted on July 16, 2026 By CWS

An advanced malware known as Daxin, associated with a China-linked threat actor, has reemerged within a Taiwanese manufacturing firm. Alongside it, a new backdoor called Stupig has been identified, marking a significant cybersecurity concern.

Background on Daxin Malware

Daxin, first documented by Symantec in March 2022, is a kernel-mode rootkit used in targeted attacks against government and critical infrastructure since 2013. The recent discovery by Symantec and the Carbon Black Threat Hunter Team indicates that Daxin is still active, having been found on a compromised host in Taiwan in 2026. This machine, part of a Taiwanese subsidiary of a multinational high-tech company, was also infected with Stupig, a previously unreported backdoor.

The Stupig backdoor disguises itself as a legitimate Microsoft DLL, allowing attackers to execute commands directly from the Windows logon screen without triggering any audit events, providing a stealthy method of intrusion.

Technical Details and Analysis

The Daxin malware utilizes a unique command-and-control approach, avoiding direct network connections. Instead, it monitors incoming TCP traffic for specific patterns and hijacks existing connections for encrypted communications. This method allows it to blend seamlessly with regular network activities, making detection challenging. Furthermore, it supports multi-hop communications, enabling operators to reach isolated network segments.

Stupig achieves persistence by masquerading as a keyboard-layout provider, loaded at system startup. Once active, it monitors for usernames beginning with “stupig” and executes any subsequent commands with SYSTEM privileges. This capability provides attackers substantial control over the compromised system.

Implications and Future Outlook

The resurfacing of Daxin suggests that the cyber espionage operation never fully ceased but rather adapted to maintain a low profile. The combination of Daxin and Stupig, despite having no code-level similarities, implies a coordinated effort by the same threat actor, leveraging complementary functionalities.

This revelation comes as Hunt.io reports other China-linked threat activities using advanced models to automate intrusions against various global targets. The discovery of shared infrastructure and methodologies highlights the ongoing sophistication and persistence of these threat actors.

Understanding and mitigating these threats requires continuous vigilance and the deployment of advanced detection techniques to protect against such stealthy and persistent cyber intrusions.

The Hacker News Tags:Backdoor, Carbon Black, China, Cybersecurity, Daxin, Malware, network security, Stupig, Symantec, Taiwan, threat actor

Post navigation

Previous Post: Next.js Enhances Security with Monthly Update Program
Next Post: AI Security Testing Evolves with New Threats

Related Posts

Microsoft Secures Defender Against Critical Privilege Flaw Microsoft Secures Defender Against Critical Privilege Flaw The Hacker News
OpenAI Unveils GPT-5.6 Sol with Enhanced Security OpenAI Unveils GPT-5.6 Sol with Enhanced Security The Hacker News
China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations The Hacker News
Verification Steps: The New ATO Challenge in 2026 Verification Steps: The New ATO Challenge in 2026 The Hacker News
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution The Hacker News
Navigating the Mythos Era with Network Detection and Response Navigating the Mythos Era with Network Detection and Response The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats
  • Daxin Malware Reappears in Taiwan with New Stupig Backdoor
  • Next.js Enhances Security with Monthly Update Program
  • AI Agents Vulnerable to New Data Injection Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats
  • Daxin Malware Reappears in Taiwan with New Stupig Backdoor
  • Next.js Enhances Security with Monthly Update Program
  • AI Agents Vulnerable to New Data Injection Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark