PlushDaemon Hackers Use EdgeStepper to Hijack Software Updates

PlushDaemon Hackers Use EdgeStepper to Hijack Software Updates

First seen 2 Dec 2025, 18:33 UTC BleepingcomputerInfosecurity-MagazineGbhackersWelivesecurityCybersecuritynews+3 79% similarity 20.5

Article Content

Browse articles
ThreatCluster

The China-linked threat actor PlushDaemon has been exploiting a new implant named EdgeStepper to hijack software update traffic. This cyberespionage operation has targeted various organizations across the United States, China, Taiwan, Hong Kong, South Korea, and New Zealand since at least 2018, redirecting DNS queries to malicious servers to deliver harmful payloads.

ThreatCluster AI

Community

Browse all →