China-backed Advanced Persistent Threat (APT) group PlushDaemon has been infiltrating legitimate update channels on a popular South Korean VPN, according to cybersecurity firm ESET. The group has replaced genuine installers with trojan versions that plant SlowStepper, a sophisticated backdoor capable of extensive surveillance and data collection, into the software. The attack avoided widespread damage due to ESET alerting the VPN operator. Experts believe PlushDaemon has been active since 2019.

North Korean Hackers Use Fake U.S. Companies to Spread Malware in Crypto Industry: Report
North Korean hackers reportedly set up shell companies in the US to penetrate the crypto sector and target developers via fake job offers, according to