Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates

Source: Cyber Security News

PlushDaemon, a China-aligned threat group, has been active since 2018, employing the EdgeStepper tool to infiltrate networks. By intercepting legitimate software updates, they can inject malware into seemingly authentic installation processes. Their campaigns have spanned the United States, Taiwan, China, and more, leveraging various attack vectors such as exploiting software vulnerabilities and weak credentials.

Recent investigations revealed involvement in a significant supply-chain attack affecting a South Korean VPN service, showcasing their operational scale. ESET security analysts analyzed an ELF binary linked to PlushDaemon, uncovering how EdgeStepper hijacks DNS queries, redirecting users to malicious servers during software updates. This multi-stage infection process helps them circumvent traditional security defenses, demonstrating a method of operation that is both refined and dangerous. Their capabilities highlight the need for increased vigilance against such sophisticated cyber threats.

👉 Read the original: Cyber Security News