Chinese Cyberspies Target South Korean VPN in Supply Chain Attack

Summary: A newly identified Chinese threat group, PlushDaemon, has executed a supply chain attack against South Korean VPN developer IPany, deploying a custom backdoor for cyber-espionage. This attack marks a shift in the group’s tactics, which typically involve hijacking legitimate updates of applications. The group has been active since at least 2019, targeting various regions including South Korea and the US.

Threat Actor: PlushDaemon
Victim: IPany

Key points:

  • PlushDaemon targeted IPany by planting malicious code in a Windows installer, leading to a supply chain attack.
  • The group employs a custom backdoor named SlowStepper, which has multiple modules for extensive data collection and espionage.
  • Researchers found the group’s tools hosted on a Chinese platform, indicating a well-developed cyber-espionage capability.

Source: https://www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack