PlushDaemon Uses Backdoor EdgeStepper for AitM Attacks and Software Update Hijacking
The threat group known as PlushDaemon has been detected using a new Go-based network backdoor, called EdgeStepper, to facilitate Adversary-in-the-Middle (AitM) attacks and hijack software update mechanisms. EdgeStepper, a previously undocumented implant, is designed to reroute victims' DNS queries to attacker-controlled infrastructure. This backdoor allows PlushDaemon to redirect legitimate software update traffic to malicious nodes, facilitating the delivery of second-stage payloads.

The Threat Actor PlushDaemon and Its Objectives

PlushDaemon is a China-aligned advanced persistent threat (APT) group, active since at least 2018. It has targeted entities in various regions, including the US, New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China. ...
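A defender-side check for the DNS rerouting described above, added here as an example; it is not code from the report or from the tooling it describes. The log format, the update domain, the sanctioned resolver and the vendor address range are all constructed placeholders.

```python
import ipaddress

# Constructed, simplified Zeek-style dns.log lines (tab-separated):
# ts  src_ip  resolver_ip  query  answer
SAMPLE_DNS_LOG = """\
1700000001\t10.0.0.21\t10.0.0.53\tupdate.example-vendor.test\t203.0.113.10
1700000002\t10.0.0.22\t10.0.0.53\tupdate.example-vendor.test\t198.51.100.77
1700000003\t10.0.0.23\t192.0.2.9\tupdate.example-vendor.test\t203.0.113.10
1700000004\t10.0.0.21\t10.0.0.53\tintranet.corp.test\t10.0.0.80
"""

# Hypothetical allowlists a defender would maintain: the resolvers hosts
# are supposed to use, and the ranges each update domain legitimately
# resolves to (taken from the vendor's published infrastructure).
SANCTIONED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
UPDATE_DOMAIN_RANGES = {
    "update.example-vendor.test": [ipaddress.ip_network("203.0.113.0/24")],
}


def detect_dns_hijack(log_text, resolvers=SANCTIONED_RESOLVERS,
                      domain_ranges=UPDATE_DOMAIN_RANGES):
    """Return a list of (src_ip, reason) findings.

    Two signals match a DNS-rerouting AitM implant like EdgeStepper:
    - a host sending its queries to a resolver that is not sanctioned
      (the DNS path itself has been redirected), and
    - an update domain answered with an address outside the vendor's
      known ranges (the response was rewritten to a malicious node).
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, resolver, query, answer = line.split("\t")
        if ipaddress.ip_address(resolver) not in resolvers:
            findings.append(
                (src, f"query for {query} sent to unsanctioned resolver {resolver}"))
        ranges = domain_ranges.get(query.lower().rstrip("."))
        if ranges is not None:
            answer_ip = ipaddress.ip_address(answer)
            if not any(answer_ip in net for net in ranges):
                findings.append(
                    (src, f"{query} resolved to {answer}, outside expected ranges"))
    return findings


if __name__ == "__main__":
    for src, reason in detect_dns_hijack(SAMPLE_DNS_LOG):
        print(f"{src}: {reason}")
```

On the constructed sample this flags one host whose update domain resolved outside the vendor range and one host whose queries went to an unsanctioned resolver.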