Bleepingcomputer
PlushDaemon Hackers Exploit EdgeStepper Tool for Software Update Hijacking
First seen 19 Nov 2025, 16:15 UTC
•



+3
•91% similarity
•27.8
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Chinese hacking group PlushDaemon has been observed using a tool named EdgeStepper to hijack legitimate software updates, redirecting traffic to malicious servers. Active since at least 2018, PlushDaemon targets organizations globally, including the US, South Korea, and New Zealand, employing adversary-in-the-middle techniques to compromise network devices and conduct cyber espionage.
ThreatCluster AI