PlushDaemon
China-aligned APT conducting cyberespionage via supply chain attacks and software update hijacking. Deploys the SlowStepper backdoor. Targets in China, Taiwan, Hong Kong, South Korea, US and New Zealand.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low
Score: 1.6
Low signal strength
Mentions: 2
Sources: 1
High conf.: 2
Last seen: May 2026
First observed: —
Last active: —
Origin: China
Aliases: 1
Techniques: 0
Campaigns: 0
Targets: Technology, Government
Regions: Asia, North America
Attribution signals
2 mentions · 1 source
#1 · high
Infrastructure, TTP match, Malware
eset
May 2026
#2 · employed by · high
TTP match
eset
May 2026
"adversary-in-the-middle technique for both initial access and lateral movement, employed by groups such as PlushDaemon, SinisterEye, Evasive Panda, and TheWizards."
Hedge terms observed
employed by