Researchers have discovered a new supply chain attack that is targeting a South Korean VPN provider. The attack is being conducted by a China-aligned APT group, PlushDaemon. In the attacks, PlushDaemon is compromising the VPN’s legitimate installer and replacing it with a malicious version containing a backdoor. The threat group has been operating since at least 2019, conducting espionage operations against individuals and organizations in China, Taiwan, Hong Kong, South Korea, the U.S., and New Zealand. 

Read more: https://www.helpnetsecurity.com/2025/01/22/plushdaemon-apt-slowstepper-supply-chain-compromise/