Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.
The FalseFont backdoor allows operators to remotely access an infected system and launch additional files.
A faux security alert purports to provide a fix for an RCE flaw, but instead creates a user with admin privileges and spreads a backdoor to infected sites.
Using command-and-control servers from the decade-old Andromeda malware, the group is installing reconnaissance tools and a backdoor on previously infected systems to target Ukrainian victims.
The cyber campaign, aimed at siphoning funds, uses an improved version of the malware, which can adjust infection paths based on recognized antivirus software.