Bleepingcomputer
PlushDaemon Hackers Use EdgeStepper to Hijack Software Updates
First seen 2 Dec 2025, 18:33 UTC
•



+3
•79% similarity
•20.5
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The China-linked threat actor PlushDaemon has been exploiting a new implant named EdgeStepper to hijack software update traffic. This cyberespionage operation has targeted various organizations across the United States, China, Taiwan, Hong Kong, South Korea, and New Zealand since at least 2018, redirecting DNS queries to malicious servers to deliver harmful payloads.
ThreatCluster AI