What's Happening?
A hacking group known as PlushDaemon, aligned with China, has been deploying a new network implant for cyber espionage. Active since 2018, PlushDaemon targets organizations globally, including in the U.S., Taiwan, and South Korea. The group carries out adversary-in-the-middle (AitM) attacks by hijacking legitimate updates of Chinese applications. Recently, it was involved in a supply chain attack on a South Korean VPN company. Researchers discovered a new tool, EdgeStepper, which redirects DNS traffic to malicious nodes, allowing the installation of harmful updates. This tool enables PlushDaemon to compromise targets worldwide.
Why It's Important?
The activities of PlushDaemon highlight the ongoing threat of cyber espionage, particularly from groups aligned with nation-states like China. Such attacks can compromise sensitive information and disrupt operations across various sectors, including technology and defense. The U.S. and other affected countries must enhance cybersecurity measures to protect against these sophisticated threats. The global nature of these attacks underscores the need for international cooperation in cybersecurity to safeguard critical infrastructure and data.











