PlushDaemon Hackers Exploit EdgeStepper Tool for Software Update Hijacking

PlushDaemon Hackers Exploit EdgeStepper Tool for Software Update Hijacking

First seen 19 Nov 2025, 16:15 UTC BleepingcomputerInfosecurity-MagazineGbhackersWelivesecurityCybersecuritynews+3 91% similarity 27.8

Article Content

Browse articles
ThreatCluster

The Chinese hacking group PlushDaemon has been observed using a tool named EdgeStepper to hijack legitimate software updates, redirecting traffic to malicious servers. Active since at least 2018, PlushDaemon targets organizations globally, including the US, South Korea, and New Zealand, employing adversary-in-the-middle techniques to compromise network devices and conduct cyber espionage.

ThreatCluster AI

Community

Browse all →