China-linked PlushDaemon APT Targets South Korean VPN in 2023 Supply Chain Attack; TRIPLESTRENGTH Exploits Cloud for Cryptojacking

A previously unknown China-linked advanced persistent threat (APT) group, named PlushDaemon, has been identified as responsible for a supply chain attack targeting a South Korean VPN provider in 2023. The attack involved various methods, including screen recording and browser password harvesting. In addition, two ransomware groups have been reported to be exploiting Microsoft Teams and Office 365 services to gain unauthorized access to organizations, deploying ransomware in the process. The threat landscape also includes a financially motivated hacker group called TRIPLESTRENGTH, which is targeting cloud environments for cryptojacking and ransomware attacks, affecting platforms such as Google Cloud, AWS, and Microsoft Azure. Furthermore, users who downloaded an installer from the South Korean VPN provider IPany may be at risk due to the malware associated with the attack.