Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.