PlushDaemon APT Group Targets South Korean VPN Provider
/ 1 min read
🔗 New APT Group PlushDaemon Linked to South Korean VPN Supply Chain Attack. ESET has identified a previously undocumented advanced persistent threat (APT) group named PlushDaemon, believed to be aligned with China, which executed a supply chain attack on a South Korean VPN provider in 2023. The attackers replaced the legitimate software installer with a malicious version that deployed a sophisticated backdoor called SlowStepper, featuring over 30 components for espionage and data collection. This group has been active since at least 2019, targeting various countries, including South Korea and the U.S. The attack exploited legitimate software update channels, raising concerns about the security of software supply chains and the potential risks to users who downloaded the compromised software.
