{"id":212400,"date":"2026-02-06T12:00:00","date_gmt":"2026-02-06T17:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/chinese-made-malware-kit-targets-chinese-based-edge-devices\/"},"modified":"2026-02-11T15:30:12","modified_gmt":"2026-02-11T20:30:12","slug":"chinese-made-malware-kit-targets-chinese-based-edge-devices","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/chinese-made-malware-kit-targets-chinese-based-edge-devices\/","title":{"rendered":"Chinese-Made Malware Kit Targets Chinese-Based Edge Devices"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/china-malware-kit-targets-routers\/\">Chinese-Made Malware Kit Targets Chinese-Based Edge Devices<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/china-malware-kit-targets-routers\/\">https:\/\/www.infosecurity-magazine.com\/news\/china-malware-kit-targets-routers\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-06 12:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>A malware framework that remained hidden for years has been discovered by security researchers at Cisco Talos.<\/p>\n<p>The researchers were hunting for samples of DarkNimbus, a backdoor linked to the MOONSHINE exploit kit, both of which have been known about since 2023, when they found a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework they had never seen before.<\/p>\n<p>Cisco Talos researchers have shared technical details about this framework, which they dubbed DKnife, in a new report published on February 5.<\/p>\n<p>Used since at least 2019 and still active in January 2026, DKnife targets Chinese-speaking users, and the Talos researchers assessed \u201cwith high confidence\u201d that it was made by Chinese-nexus threat actors.<\/p>\n<p>This assessment is based on the language used in the code, the configuration files and the ShadowPad malware delivered in the campaign.<\/p>\n<p>The researchers also discovered overlaps between DKnife\u2019s infrastructure and a campaign delivering WizardNet, a modular backdoor known to be delivered by Spellbinder, a different AitM framework, suggesting a shared development or operational lineage.<\/p>\n<h2><strong>DKnife Capabilities Explained<\/strong><\/h2>\n<p>DKnife is a Linux-based (x86-64) framework designed for gateway-level attacks, enabling operators to monitor, manipulate and hijack network traffic on compromised routers or edge devices.<\/p>\n<p>It is made up of seven Executable and Linkable Format (ELF) binaries that operate together to carry out deep packet inspection (DPI), traffic interception and malicious payload delivery.<\/p>\n<p>The framework is designed for Linux-based firmware, especially systems running CentOS or Red Hat Enterprise Linux, and includes support for Point-to-Point Protocol over Ethernet (PPPoE), virtual local area network (VLAN) tagging and bridged interfaces. 
This makes it particularly effective for exploiting routers and similar network devices.<\/p>\n<p>The framework performs several key functions including serving command and control (C2) updates for backdoors&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/china-malware-kit-targets-routers\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese-Made Malware Kit Targets Chinese-Based Edge Devices https:\/\/www.infosecurity-magazine.com\/news\/china-malware-kit-targets-routers\/ Publish Date: 2026-02-06 12:00:00 Source Domain: www.infosecurity-magazine.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212401,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/f9975536-657a-4f3b-9706-b59f0c06aff9.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,32],"class_list":["post-212400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212400"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212400"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212400\/revisions"}],"predecessor-version":[{"id":212402,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212400\/revisions\/212402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/medi
a\/212401"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}