A China-linked group has used EdgeStepper to hijack router DNS queries, redirecting software updates to install backdoors, since 2018.
A China-aligned hacking group, PlushDaemon, is using a newly discovered network implant called EdgeStepper to conduct adversary-in-the-middle attacks by hijacking DNS queries on compromised routers.
The tactic redirects legitimate software update traffic to malicious servers, enabling the deployment of backdoors like SlowStepper via downloaders such as LittleDaemon.
The group has targeted organizations in the U.S., Taiwan, South Korea, Cambodia, and elsewhere since at least 2018, exploiting unpatched vulnerabilities and weak credentials.
Recent attacks include supply-chain compromises of software and VPN providers, highlighting ongoing risks from network and update infrastructure manipulation.