CISA mandates urgent patches for Fortinet vulnerabilities while attacks hit Asus routers and the supply chain with PlushDaemon, increasing global cyber risks.
#apt #ASUS #cina #cisa #exploit #Fortinet #PlushDaemon
www.matricedigitale.it/2025/11/19/c...
ESET found an ELF implant (bioset) dubbed EdgeStepper that redirects DNS from compromised routers to hijack software updates and deploy SlowStepper; downloaders LittleDaemon/DaemonicLogistics observed. #PlushDaemon #EdgeStepper #SlowStepper https://bit.ly/3LLDkUQ
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks reconbee.com/plushdaemon-...
#plushdaemon #hackers #hacking #hacked #software #supplychainattacks #cyberattack
~Eset~
PlushDaemon deploys the EdgeStepper network implant to hijack software updates via adversary-in-the-middle attacks.
-
IOCs: 8. 212. 132. 120, 47. 242. 198. 250, ds20221202. dsc. wcsset. com
-
#EdgeStepper #PlushDaemon #ThreatIntel
iT4iNT SERVER EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates VDS VPS Cloud #CyberSecurity #Malware #DNSHijacking #PlushDaemon #EdgeStepper
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5
🚨 PlushDaemon, a China-linked APT targeting S. Korea with a SlowStepper backdoor, SlowStepper. Using a supply chain attack, it infiltrates #VPN software to steal sensitive data.
Read: hackread.com/chinese-plus...
#CyberSecurity #PlushDaemon #APT #SlowStepper
IPany VPN breached in supply-chain attack to push custom malware #BleepingComputer (Jan 22)
#IPany #PlushDaemon #SlowStepper #サプライチェーン攻撃 #VPNセキュリティ
China-linked hacker group targets victims in East Asia with malicious VPN installers #TheRecord (Jan 23)
#PlushDaemon #VPN #マルウェア #サイバースパイ #ESET
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack reconbee.com/plushdaemon-...
#PlushDaemon #APT #southkorean #VPN #supplychainattack #cyberattack #CyberSecurityAwareness
A new advanced persistent threat group, #PlushDaemon, has emerged, targeting a South Korean VPN provider. They used a supply chain attack to deploy a malicious backdoor via compromised software updates. Stay alert to potential risks. #cybersecurity #threat
We presented on #PlushDaemon at #jpcert_ac on January 22, 2025: jsac.jpcert.or.jp 5/6
#ESETresearch discovered + named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper www.welivesecurity.com/en/eset-rese...
🧵1/6