The threat actor known as PlushDaemon has been observed using
a previously undocumented Go-based network backdoor codenamed
EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper "redirects all DNS queries to an external, malicious
hijacking node, effectively rerouting the traffic from legitimate
infrastructure used for software updates to attacker-controlled
infrastructure."
Read more https://thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html

