A China-linked threat actor called PlushDaemon is hijacking software update traffic through a new implant named EdgeStepper to carry out cyber espionage. The group has targeted multiple countries and industries using sophisticated malware and network hijacking techniques.
Key points
- PlushDaemon has been active since 2018, targeting sectors across various countries.
- The threat actor exploits known vulnerabilities and weak passwords to access routers.
- They use the EdgeStepper implant to intercept DNS queries and redirect software updates.
- Malware used includes LittleDaemon, DaemonicLogistics, and the backdoor SlowStepper.
- The attack enables detailed theft of system data and remote command execution, and the victim set shows the group's global reach.