PlushDaemon Strikes Again: China’s Mischievous Hackers Unleash EdgeStepper Backdoor in Global Cyber Comedy
PlushDaemon, a China-aligned threat actor, is using EdgeStepper, a Go-based network backdoor, to stage AitM attacks. By rerouting DNS queries, they’re making software update channels as trustworthy as a used car salesman in a rainstorm. With victims ranging from universities to car companies, EdgeStepper is the latest cyber mischief-maker on the block.

Hot Take:
In the thrilling world of cyber espionage, PlushDaemon is the James Bond of threat actors, except instead of martinis, they prefer coding in Go. EdgeStepper is their latest gadget, turning routers into secret agents and DNS queries into covert messages. Move over, 007; there’s a new player in town, and they’ve got a plush little daemon doing all the dirty work!
Key Points:
- PlushDaemon is a China-aligned threat actor using a Go-based network backdoor called EdgeStepper for adversary-in-the-middle (AitM) attacks.
- EdgeStepper hijacks DNS queries to redirect software update traffic to attacker-controlled nodes.
- PlushDaemon has been active since at least 2018, attacking entities across the globe, including the U.S., South Korea, and Taiwan.
- EdgeStepper consists of a Distributor module and a Ruler component, which manipulate IP filter rules through iptables so that DNS traffic passing through the compromised device is rerouted.
- SlowStepper, a feature-rich implant delivered through the hijacked update channel, handles data collection and further compromise of the host.
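A defender-side check that follows from the iptables point in the list above, added here as an example and not code from the threat actor or from the original page: it parses `iptables -t nat -S` style output from a Linux edge device and flags every nat rule that DNATs or REDIRECTs destination-port-53 traffic, which is the primitive an update-channel AitM needs. The rule text is a constructed sample, and the 198.51.100.7 address in it is a documentation (TEST-NET-2) address, not an indicator tied to PlushDaemon.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleNatRules is constructed sample output in the style of
// `iptables -t nat -S` from a Linux edge device. It exists only so the
// checker runs offline; 198.51.100.7 is a TEST-NET-2 documentation address,
// not an indicator tied to PlushDaemon.
const sampleNatRules = `-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 198.51.100.7:53
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 198.51.100.7:53
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A POSTROUTING -o eth0 -j MASQUERADE`

// Finding records one nat rule that rewrites the destination of port-53 traffic.
type Finding struct {
	Rule   string // the raw rule as printed by iptables
	Target string // "DNAT <ip:port>" or "REDIRECT <port>"
}

// FindDNSRedirects scans `iptables -t nat -S` style text and returns every
// rule that DNATs or REDIRECTs traffic with destination port 53. Such a rule
// silently hands a client's DNS queries to another resolver, so an update
// client asking for its vendor's hostname gets whatever answer that resolver
// chooses to give.
func FindDNSRedirects(rules string) []Finding {
	var findings []Finding
	for _, line := range strings.Split(rules, "\n") {
		fields := strings.Fields(line)
		if len(fields) == 0 || fields[0] != "-A" {
			continue // chain policies (-P) and blank lines are not rules
		}
		dport53, jump, dest := false, "", ""
		for i := 0; i+1 < len(fields); i++ {
			switch fields[i] {
			case "--dport":
				dport53 = fields[i+1] == "53"
			case "-j":
				jump = fields[i+1]
			case "--to-destination", "--to-ports":
				dest = fields[i+1]
			}
		}
		if dport53 && (jump == "DNAT" || jump == "REDIRECT") {
			findings = append(findings, Finding{Rule: line, Target: jump + " " + dest})
		}
	}
	return findings
}

func main() {
	for _, f := range FindDNSRedirects(sampleNatRules) {
		fmt.Printf("DNS rewrite -> %s\n    %s\n", f.Target, f.Rule)
	}
}
```

On the sample, the two DNAT rules sending LAN DNS to 198.51.100.7 and the OUTPUT redirect to port 5353 are reported; the port-80 redirect is not. A local redirect to a legitimate stub resolver such as dnsmasq will show up as a benign hit and belongs on an allowlist. Because an implant running as root on the device can also tamper with what iptables reports, corroborate out of band: resolve the vendor's update hostnames from a clean host and compare the answers with what clients behind the device receive.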
