
ESET discovers new China-aligned APT group and its supply chain attack on South Korean VPN service
In this cyberespionage operation, the attackers replaced the legitimate installer with one that also deployed the group's signature implant, which ESET has named SlowStepper — a feature-rich backdoor with a toolkit of more than 30 components. The China-aligned threat actor has been active since at least 2019, engaging in espionage operations against individuals and entities in mainland China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand.
'In May 2024, we noticed detections of malicious code in an NSIS installer for Windows that users from South Korea had downloaded from the website of the legitimate VPN software IPany. In further analysis, we discovered that the installer was deploying both the legitimate software and the backdoor. We contacted the VPN software developer to inform them of the compromise, and the malicious installer was removed from their website', says ESET researcher Facundo Muñoz, who made the discovery.
Beyond this supply-chain compromise, PlushDaemon, the group behind the operation, gains initial access by hijacking legitimate updates of Chinese applications, redirecting traffic to attacker-controlled servers. ESET has also observed the group gaining access via vulnerabilities in legitimate web servers.
The SlowStepper backdoor is used exclusively by PlushDaemon. This backdoor is notable for its multistage C&C protocol using DNS, as well as its ability to download and execute dozens of additional Python modules with espionage capabilities.
The malware collects a wide range of data from web browsers; is capable of taking photos; scans for documents; collects information from various applications, including messaging applications (e.g., WeChat, Telegram); can spy via audio and video; and steals password credentials.
'The numerous components in the PlushDaemon toolset, and its rich version history, show that, while previously unknown, this China-aligned APT group has been operating diligently to develop a wide array of tools, making it a significant threat to watch out for', concludes Muñoz.
For a more detailed analysis and technical breakdown of PlushDaemon's toolset, check out the latest ESET Research blogpost 'China-aligned PlushDaemon compromises supply chain of Korean VPN service' on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.
Image Credit: ESET