PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, using a sophisticated backdoor known as SlowStepper. The backdoor ships with a comprehensive toolkit for espionage and data collection, indicating that the group has had significant operational capabilities since at least 2019. ESET's findings highlight the group's method of hijacking legitimate software updates to deliver malicious code, a technique that poses a serious threat to several sectors, including technology and telecommunications.

Threat Actor: PlushDaemon
Victim: IPany VPN

Key points:

  • PlushDaemon has been operational since at least 2019, targeting multiple countries including South Korea and the United States.
  • The group employs a backdoor called SlowStepper, which consists of over 30 modules for espionage and data collection.
  • The attack leverages a compromised software update channel to distribute trojanized installers, putting at risk any user who downloaded the affected software.

Source: https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html