PlushDaemon Uses EdgeStepper Backdoor for AitM Attacks

Source: The Hacker News

The threat actor known as PlushDaemon has recently been observed utilizing a previously undocumented Go-based network backdoor, referred to as EdgeStepper. This sophisticated malware enables adversary-in-the-middle (AitM) attacks by redirecting all DNS queries to an external, malicious hijacking node. As a result, the malware effectively reroutes traffic away from legitimate infrastructure typically used for software updates, channeling it instead through attacker-controlled resources.

By hijacking legitimate DNS queries, EdgeStepper places users at significant risk: their systems may unknowingly connect to compromised infrastructure, which can then deliver malicious updates or software, leading to data breaches or further exploitation. The emergence of this backdoor underscores the ongoing danger posed by advanced persistent threat (APT) groups and highlights the need for proactive measures that detect and block DNS hijacking of update traffic.
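The detection angle that follows from the article's description (all DNS queries redirected to an external node, and update hosts resolving to attacker infrastructure) can be checked against DNS logs. The following is an added example, not code from the article or from the researchers who documented EdgeStepper; the log format, the approved resolver, the domain names and the address ranges are all constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample log lines. Assumed sensor format (one query per line):
#   <timestamp> <client_ip> <resolver_ip> <queried_name> <answer_ip>
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.12 10.0.0.53 updates.example-vendor.test 203.0.113.10
2024-01-01T10:00:02Z 10.0.0.12 198.51.100.7 updates.example-vendor.test 198.51.100.99
2024-01-01T10:00:03Z 10.0.0.13 10.0.0.53 intranet.corp.test 10.0.0.80
2024-01-01T10:00:04Z 10.0.0.14 198.51.100.7 www.example.test 192.0.2.5
"""

# Placeholder policy: the only resolver clients should talk to, and the
# address ranges the vendor's update hostname is expected to resolve into.
APPROVED_RESOLVERS = {"10.0.0.53"}
UPDATE_DOMAINS = {
    "updates.example-vendor.test": [ipaddress.ip_network("203.0.113.0/24")],
}


@dataclass(frozen=True)
class Finding:
    client: str
    qname: str
    reason: str


def analyse_dns_log(log_text: str) -> list[Finding]:
    """Flag queries that left the approved resolver (DNS redirected off the
    expected path) and update hostnames that resolved outside known ranges."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        _ts, client, resolver, qname, answer = line.split()
        if resolver not in APPROVED_RESOLVERS:
            findings.append(Finding(client, qname,
                                    f"query sent to unapproved resolver {resolver}"))
        expected = UPDATE_DOMAINS.get(qname)
        if expected and not any(ipaddress.ip_address(answer) in net for net in expected):
            findings.append(Finding(client, qname,
                                    f"update host resolved to unexpected address {answer}"))
    return findings


def redirected_clients(findings: list[Finding]) -> set[str]:
    """Clients whose queries reached a resolver outside the approved set."""
    return {f.client for f in findings if "unapproved resolver" in f.reason}


if __name__ == "__main__":
    for f in analyse_dns_log(SAMPLE_LOG):
        print(f"{f.client} {f.qname}: {f.reason}")
```

A hit on both checks for the same client, as in the second sample line, is the pattern the article describes: queries diverted to an external node and an update host answered with an address the vendor does not own.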

👉 Read the original: The Hacker News