Summary: A new Chinese state-sponsored hacker group, PlushDaemon, has been targeting users in East Asia through an espionage campaign involving a compromised VPN installer from South Korean firm IPany. The attackers deployed custom malware capable of extensive data collection and spying on victims. Although discovered recently, PlushDaemon has been active since at least 2019, focusing on espionage against various entities across multiple countries.
Threat Actor: PlushDaemon
Victim: IPany
Key points:
- PlushDaemon compromised IPany’s legitimate VPN installer to deploy a backdoor for data collection.
- The malicious installer was detected in May 2023, affecting users in South Korea, Japan, and China.
- ESET reported that PlushDaemon has been developing a diverse toolset for espionage since at least 2019.
Source: https://therecord.media/china-hacker-group-vpns-backdoor