Nov 19, 2025 • ESET WeLiveSecurity
PlushDaemon compromises network devices for adversary-in-the-middle attacks
Executive Summary
ESET researchers have identified a sophisticated network implant deployed by PlushDaemon, a China-aligned APT group. The malware enables adversary-in-the-middle (AiTM) attacks by compromising network infrastructure devices. The implant allows the threat actors to intercept and manipulate network traffic, potentially harvesting credentials and sensitive data from victim organizations. AiTM attacks are particularly effective because they can bypass traditional multi-factor authentication by relaying authentication tokens. Organizations should monitor network devices for suspicious behavior, keep device firmware promptly updated, and employ network segmentation to limit the impact of such compromises.
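The mitigations above come down to knowing what firmware and configuration each network device is actually running and noticing when that drifts. The following is an added example, not code from ESET or the report, of a baseline audit a defender could run over a device inventory: it flags a firmware image whose hash is not in the known-good set (possible tampering), a firmware version below the approved minimum (unpatched), and a running configuration that no longer matches its approved baseline (unexpected change). Every device, firmware blob, config and policy value here is constructed for illustration, and the field names are assumptions rather than any vendor's API.

```python
"""Baseline audit for network infrastructure devices (added example, constructed data)."""
from dataclasses import dataclass
import hashlib


@dataclass
class Device:
    name: str
    model: str
    fw_version: str
    fw_image: bytes       # firmware blob as read back from the device (constructed)
    running_config: str   # current running configuration text (constructed)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_version(v: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def check_device(dev: Device, policy: dict) -> list:
    """Return (device name, finding) tuples for one device against its model's policy."""
    findings = []
    rules = policy[dev.model]

    # 1. Firmware integrity: the image on the device must hash to a vendor-published value.
    if sha256_hex(dev.fw_image) not in rules["known_good_fw_hashes"]:
        findings.append((dev.name, "firmware image hash not in known-good set"))

    # 2. Patch level: anything below the approved minimum is a known-vulnerable target.
    if parse_version(dev.fw_version) < parse_version(rules["min_fw_version"]):
        findings.append((dev.name, f"firmware {dev.fw_version} below minimum {rules['min_fw_version']}"))

    # 3. Configuration drift: the running config must match the last approved baseline.
    cfg_hash = sha256_hex(dev.running_config.encode())
    if cfg_hash != rules["baseline_config_hash"].get(dev.name):
        findings.append((dev.name, "running config differs from approved baseline"))
    return findings


def audit(devices: list, policy: dict) -> list:
    """Audit every device and return all findings in inventory order."""
    out = []
    for dev in devices:
        out.extend(check_device(dev, policy))
    return out


# --- constructed sample data -------------------------------------------------
GOOD_FW = b"vendor-firmware-image-v2.4.1"          # stands in for a real image
TAMPERED_FW = GOOD_FW + b"\x00extra-bytes"         # same version string, altered image
BASE_CFG = "hostname edge\ninterface eth0\n ip address 10.0.0.1/24\n"
DRIFTED_CFG = BASE_CFG + "ip route 0.0.0.0/0 10.0.0.254\n"


def sample_inventory() -> list:
    return [
        Device("edge-01", "rtr-x", "2.4.1", GOOD_FW, BASE_CFG),      # healthy
        Device("edge-02", "rtr-x", "2.4.1", TAMPERED_FW, BASE_CFG),  # altered firmware
        Device("edge-03", "rtr-x", "2.3.0", GOOD_FW, DRIFTED_CFG),   # unpatched + config drift
    ]


def sample_policy() -> dict:
    base_hash = sha256_hex(BASE_CFG.encode())
    return {
        "rtr-x": {
            "known_good_fw_hashes": {sha256_hex(GOOD_FW)},
            "min_fw_version": "2.4.0",
            "baseline_config_hash": {n: base_hash for n in ("edge-01", "edge-02", "edge-03")},
        }
    }


if __name__ == "__main__":
    for name, finding in audit(sample_inventory(), sample_policy()):
        print(f"{name}: {finding}")
```

In practice the inventory would be populated from the devices themselves and the known-good hashes from the vendor's published checksums; the point of hashing the image read back from the device, rather than trusting the version string it reports, is that an implant can leave the version untouched while altering the image.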
Summary
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks
Linked Entities
- PlushDaemon network implant
- PlushDaemon