Chinese Cyber Group Targets South Korean VPN Developer
A recently identified Chinese threat group, dubbed PlushDaemon, has executed a supply chain attack on South Korean VPN developer IPany, deploying a custom backdoor to facilitate cyber-espionage. ESET Research reported that the group typically hijacks legitimate software updates but diverged from its usual tactics by embedding malicious code in an NSIS installer for IPany’s Windows VPN software. The attack, which began in May 2024, has affected users in South Korea, Japan, and China. The backdoor, known as SlowStepper, is capable of extensive data collection and surveillance. ESET warns that PlushDaemon represents a significant new threat in the landscape of Chinese cyber-espionage activities.
