PlushDaemon Targets South Korean VPN in Supply-Chain Attack
ESET researchers have identified PlushDaemon, a China-aligned APT group engaged in cyberespionage, which executed a supply-chain compromise of the South Korean VPN software IPany in 2023. The attackers replaced the legitimate installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper, which has over 30 components for espionage. The operation highlights PlushDaemon's tactics, including hijacking legitimate software updates and exploiting vulnerabilities in web servers. The group has been active since at least 2019, targeting entities across East Asia and beyond, and its toolkit poses a significant threat to cybersecurity. For further details, ESET has published a comprehensive analysis of the attack and its implications.
