Malware, Network Security, Threat Intelligence

New Chinese cyberespionage campaign targeted South Korean VPN service


Organizations across East Asia, including a semiconductor firm and a software development company in South Korea as well as others in China and Japan, have been targeted by PlushDaemon, a newly discovered Chinese advanced persistent threat group, using the SlowStepper malware in a cyberespionage campaign built around a malicious installer for the South Korean VPN provider IPany, according to The Hacker News.

Running the trojanized installer, which replaced IPany's legitimate installer after a supply chain attack by PlushDaemon in 2023, deploys a loader that in turn loads another DLL and ultimately executes SlowStepper. The backdoor supports commands for extensive system information theft, file deletion, Python module execution, and self-deletion, according to an analysis from ESET. "The numerous components in the PlushDaemon toolset, and its rich version history, show that, while previously unknown, this China-aligned APT group has been operating diligently to develop a wide array of tools, making it a significant threat to watch for," said ESET.
