IPany VPN Breached in Supply-Chain Attack to Push Custom Malware
Summary: A supply chain attack on South Korean VPN provider IPany by the PlushDaemon hacking group resulted in the deployment of the SlowStepper malware through a compromised VPN installer. The attack affected multiple companies, including a semiconductor firm, with signs of infection dating back to November 2023. ESET researchers highlighted the stealthy nature of the malware and its extensive espionage capabilities.

Threat Actor: PlushDaemon
Victim: IPany

Key points:

  • The attackers compromised IPany’s development platform to insert the SlowStepper backdoor into the VPN installer.
  • Infected users unknowingly installed the malicious software alongside the legitimate VPN product.
  • SlowStepper is capable of extensive data collection and espionage, including keylogging and webcam access.

Source: https://www.bleepingcomputer.com/news/security/ipany-vpn-breached-in-supply-chain-attack-to-push-custom-malware/