ESET found an ELF implant (bioset) dubbed EdgeStepper that redirects DNS from compromised routers to hijack software updates and deploy SlowStepper; downloaders LittleDaemon/DaemonicLogistics observed. #PlushDaemon #EdgeStepper #SlowStepper https://bit.ly/3LLDkUQ
#SlowStepper is a feature-rich backdoor with a toolkit of more than 30 components. We analyzed and documented it in a previous blogpost about the compromise of a South Korean VPN service provider. www.welivesecurity.com/en/eset-rese... 4/5
When the software communicates with the hijacking node, it issues instructions to download an update for a DLL; in reality, the downloaders that we call LittleDaemon and DaemonicLogistics ultimately deploy the #SlowStepper backdoor. 3/5
PlushDaemon, a China-linked APT targeting S. Korea with a SlowStepper backdoor, SlowStepper. Using a supply chain attack, it infiltrates #VPN software to steal sensitive data.
Read: hackread.com/chinese-plus...
#CyberSecurity #PlushDaemon #APT #SlowStepper
IPany VPN compromised in a supply-chain attack, and custom malware is distributed
IPany VPN breached in supply-chain attack to push custom malware #BleepingComputer (Jan 22)
#IPany #PlushDaemon #SlowStepper #SupplyChainAttack #VPNSecurity
#ESETresearch discovered + named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper www.welivesecurity.com/en/eset-rese...
🧵 1/6