EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
The Hacker News
Actively Exploited
The threat actor PlushDaemon has deployed a new Go-based network backdoor called EdgeStepper, which enables adversary-in-the-middle attacks by hijacking DNS queries. The redirected queries can lead to the compromise of legitimate software updates, posing a significant risk to affected systems.
Impact: N/A
Remediation: Implement DNS security measures, monitor network traffic for anomalies, and ensure software updates are obtained from verified sources.