ESET discovers new China-aligned APT group and its supply chain attack on South Korean VPN service


Tahawul Tech, 05-02-2025

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a newly discovered and previously undetected China-aligned APT group that ESET has named PlushDaemon.
In this cyberespionage operation, the attackers replaced the legitimate installer with one that also deployed the group's signature implant, which ESET has named SlowStepper — a feature-rich backdoor with a toolkit of more than 30 components. The China-aligned threat actor has been active since at least 2019, engaging in espionage operations against individuals and entities in mainland China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand.
'In May 2024, we noticed detections of malicious code in an NSIS installer for Windows that users from South Korea had downloaded from the website of the legitimate VPN software IPany. In further analysis, we discovered that the installer was deploying both the legitimate software and the backdoor. We contacted the VPN software developer to inform them of the compromise, and the malicious installer was removed from their website', says ESET researcher Facundo Muñoz, who made the discovery.
Additionally, PlushDaemon gains initial access by hijacking legitimate updates of Chinese applications, redirecting the update traffic to attacker-controlled servers. ESET has also observed the group gaining access via vulnerabilities in legitimate web servers.
The SlowStepper backdoor is used exclusively by PlushDaemon. This backdoor is notable for its multistage C&C protocol using DNS, as well as its ability to download and execute dozens of additional Python modules with espionage capabilities.
The malware collects a wide range of data from web browsers; is capable of taking photos; scans for documents; collects information from various applications, including messaging applications (e.g., WeChat, Telegram); can spy via audio and video; and steals password credentials.
'The numerous components in the PlushDaemon toolset, and its rich version history, show that, while previously unknown, this China-aligned APT group has been operating diligently to develop a wide array of tools, making it a significant threat to watch out for', concludes Muñoz.
For a more detailed analysis and technical breakdown of PlushDaemon's toolset, check out the latest ESET Research blogpost 'China-aligned PlushDaemon compromises supply chain of Korean VPN service' on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.