PlushDaemon compromises supply chain of Korean VPN service
WHITE CyberHunter_NL 2025-01-22 Modified: 2025-02-21
A new China-aligned cyber-espionage group has compromised the supply chain of legitimate VPN software developed by a South Korean company, according to ESET researchers in a blog post published on 22 January 2025.
Indicators of Compromise (13)