DMR News

Advancing Digital Conversations

Chinese Hacking Group PlushDaemon Exploits VPN Website in Espionage Attack

By Yasmeeta Oon

Jan 24, 2025

In a sophisticated cyberespionage operation, the Chinese hacking group PlushDaemon has compromised the website of South Korean VPN provider IPany, distributing malware to unsuspecting users. ESET, a leading cybersecurity firm, traced the attack back to PlushDaemon, known for its cyber activities since 2019. The breach, uncovered in May 2024, represents a significant supply chain attack, endangering countries such as China, Taiwan, South Korea, and the United States.

ESET’s antivirus software first flagged the malware infections on Windows computers, leading investigators to discover that IPany’s website was the source of the malicious installer. PlushDaemon’s SlowStepper backdoor was embedded in the software, enabling secret communication with the hackers’ command and control servers. This compromise of widely used third-party software allowed PlushDaemon to potentially spy on high-value targets.

Impact on High-Value Targets

“Via ESET telemetry, we found that several users attempted to install the trojanized software in the network of a semiconductor company and an unidentified software development company in South Korea,” – ESET

The incident highlights the reach and impact of PlushDaemon’s tactics. The earliest cases detected by ESET involved victims from Japan in November 2023 and from China in December 2023. The hacking group exploited the popularity of IPany’s VPN service to distribute its malware across a broad user base.

“Upon further analysis, we discovered that the installer was deploying both the legitimate software and the backdoor that we’ve named SlowStepper,” – ESET

ESET promptly informed IPany about the security breach, leading to the removal of the malicious installer from their website. Despite the quick action taken, the attack may have already facilitated espionage activities against strategic targets in critical industries.

“Therefore, we believe that anyone using the IPany VPN might have been a valid target,” – ESET

What The Author Thinks

PlushDaemon’s actions underscore the vulnerability of supply chains in the digital age, as well as the persistent threat posed by state-sponsored hacking groups. The incident serves as a reminder for companies worldwide to bolster cybersecurity measures and remain vigilant against such sophisticated attacks. The need for enhanced security protocols and regular audits of software supply chains has never been more critical, as cybercriminals continue to exploit every available avenue to infiltrate valuable corporate and government networks.
