Daxin Malware and New Backdoor Stupig Resurface in Taiwan

Daxin Malware and New Backdoor Stupig Resurface in Taiwan

First seen 16 Jul 2026, 08:06 UTC SecurityGbhackerswww.broadcom.com 87% similarity 75.5

Article Content

Browse articles
ThreatCluster

Daxin, a sophisticated backdoor linked to China, has reappeared in Taiwan, targeting a multinational high-tech manufacturer. Discovered in May 2026, it operates stealthily by hijacking legitimate TCP connections for command and control. Alongside Daxin, a new backdoor named Stupig was identified, exhibiting unique persistence techniques. Both tools share compile timestamps from early 2013, suggesting they may have been developed by the same actor. The initial access point was likely an outdated Digiwin single sign-on portal using obsolete Java Development Kit versions. The compromised host had no telemetry prior to May 12, indicating a long-term undetected presence. The resurgence of these tools highlights ongoing espionage operations against strategic targets in Taiwan.

Key Points: • Daxin malware resurfaces in Taiwan, targeting a multinational tech manufacturer. • The new backdoor Stupig shows unique persistence and execution techniques. • Initial access likely exploited outdated software, indicating long-term compromise.

ThreatCluster AI

Timeline

2026-05-12
Telemetry on compromised host begins
The compromised host had no telemetry recorded before this date, indicating a prior undetected presence of malware.
Security
2026-05-28
Detection of a.dll triggers Stupig reappearance
The detection of a.dll led to the discovery of Stupig, renamed to kbdus1.dll, in the system directory.
Security
2026-06-01
Stupig detected in System32 directory
The renamed malware kbdus1.dll was found in the System32 directory, indicating active use on the compromised host.
Security
2026-07-15
Daxin's resurgence reported
Security researchers reported the return of Daxin and the new Stupig backdoor, emphasizing the ongoing espionage threat.
Security
2026-07-16
Daxin and Stupig detailed in cybersecurity analysis
Further analysis confirmed the sophisticated nature of Daxin and the unique characteristics of Stupig, linking them to a China-linked actor.
Gbhackers

Community

Browse all →