Security News > 2025 > January > IPany VPN breached in supply-chain attack to push custom malware

IPany VPN breached in supply-chain attack to push custom malware

2025-01-22 15:11

South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware. [...]

News URL

https://www.bleepingcomputer.com/news/security/ipany-vpn-breached-in-supply-chain-attack-to-push-custom-malware/

#attack #malware #supplychain #VPN

Related news

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
Massive brute force attack uses 2.8 million IPs to target VPN devices (source)
North Korea targets crypto developers via NPM supply chain attack (source)
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
Ransomware gang creates tool to automate VPN brute-force attacks (source)
GitHub supply chain attack spills secrets from 23,000 projects (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.