Chinese Cyberspies Target South Korean VPN in Supply Chain Attack

Summary: A newly identified Chinese threat group, PlushDaemon, has executed a supply chain attack against South Korean VPN developer IPany, deploying a custom backdoor for cyber-espionage. This attack marks a shift in the group's tactics, which typically involve hijacking legitimate updates of applications. The group has been active since at least 2019, targeting various regions including South Korea and the US.

Threat Actor: PlushDaemon
Victim: IPany

Key points:

  • PlushDaemon targeted IPany by planting malicious code in a Windows installer, leading to a supply chain attack.
  • The group employs a custom backdoor named SlowStepper, which has multiple modules for extensive data collection and espionage.
  • Researchers found the group's tools hosted on a Chinese platform, indicating a well-developed cyber-espionage capability.

Source: https://www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack