Tags: Adversary-in-the-Middle Attack, APT, Network Implant, PlushDaemon network implant, PlushDaemon

Nov 19, 2025 • ESET WeLiveSecurity

PlushDaemon compromises network devices for adversary-in-the-middle attacks


Source: ESET WeLiveSecurity
Category: adversary
Severity: high

Executive Summary

ESET researchers have identified a sophisticated network implant deployed by PlushDaemon, a China-aligned APT group. The malware enables adversary-in-the-middle (AiTM) attacks by compromising network infrastructure devices. This implant allows the threat actors to intercept and manipulate network traffic, potentially harvesting credentials and sensitive data from victim organizations. AiTM attacks are particularly effective as they can bypass traditional multi-factor authentication by relaying authentication tokens. Organizations should monitor for suspicious network device behavior, implement strict device firmware updates, and employ network segmentation to limit the impact of such compromises.

Summary

ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.


Linked Entities

  • PlushDaemon network implant
  • PlushDaemon