SlowStepper (07588c4c-39a8-4687-92ac-1da9a16186c5)

SlowStepper is a custom, modular backdoor that has been used by PlushDaemon, a "China-aligned" cyberespionage group. It was notably deployed by a malicious installer as part of a supply chain compromise targeting VPN software produced by a South Korean company.[ESET PlushDaemon January 22 2025]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PlushDaemon (3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6) | Tidal Groups | SlowStepper (07588c4c-39a8-4687-92ac-1da9a16186c5) | Tidal Software | 1 |