China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Summary
A China-linked threat actor group has been using a gateway-monitoring and adversary-in-the-middle (AitM) framework called DKnife since 2019. This framework consists of seven Linux-based implants that perform deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices.
IFF Assessment
The DKnife framework lets attackers hijack traffic passing through compromised routers and edge devices and use that on-path position to deliver malware, posing a significant threat to network security.
Severity
Defender Context
Defenders should monitor network traffic for unusual patterns and harden router security configurations. DKnife illustrates the growing sophistication of state-sponsored threat actors targeting network infrastructure, which underscores the importance of regular firmware updates and intrusion detection systems.
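One concrete way to put the "monitor traffic for unusual patterns" advice into practice against an on-path gateway implant is a canary check: fetch a static resource whose bytes were recorded over a trusted path, then compare what actually arrives through the gateway. The example below is added here and is not code from the report or from the DKnife actors; the canary host name, the canary body, the sample responses and the helper names (parse_http_response, check_canary) are all constructed for illustration. It flags three symptoms of in-flight rewriting: a redirect off the canary host, a Content-Length header that disagrees with the delivered body, and a body digest that differs from the out-of-band record.

```python
"""Canary check for on-path HTTP tampering (added example, not from the report).

A defender keeps an unchanging resource on a host it controls and records its
SHA-256 over a trusted path. The same resource is then fetched through the
production gateway and compared; divergence is a signal that a device on the
path is rewriting traffic.
"""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed baseline (assumption: the defender controls both the canary host
# and the out-of-band record of its content digest).
CANARY_HOST = "canary.example.internal"
CANARY_BODY = b"canary-v1\n"
CANARY_SHA256 = hashlib.sha256(CANARY_BODY).hexdigest()

@dataclass
class HttpResponse:
    status: int
    headers: dict[str, str]
    body: bytes

def parse_http_response(raw: bytes) -> HttpResponse:
    """Minimal HTTP/1.1 response parser (no chunked transfer-encoding support)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed response: missing header terminator")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("malformed status line")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return HttpResponse(int(parts[1]), headers, body)

def check_canary(raw: bytes,
                 expected_sha256: str = CANARY_SHA256,
                 expected_host: str = CANARY_HOST) -> list[str]:
    """Return tamper indicators for one raw response; an empty list means it matched the baseline."""
    findings: list[str] = []
    resp = parse_http_response(raw)

    # 1. Redirect away from the canary host: an on-path device steering the client elsewhere.
    if resp.status in (301, 302, 303, 307, 308):
        target = urlsplit(resp.headers.get("location", "")).hostname or "<none>"
        if target != expected_host:
            findings.append(f"unexpected redirect to {target}")
        return findings  # a redirect carries no canary body to compare

    if resp.status != 200:
        findings.append(f"unexpected status {resp.status}")

    # 2. Content-Length disagreeing with the body: bytes were inserted or removed in flight.
    declared = resp.headers.get("content-length")
    if declared is not None and declared.isdigit() and int(declared) != len(resp.body):
        findings.append(f"content-length {declared} != body length {len(resp.body)}")

    # 3. Body digest differs from the out-of-band record: the content itself was altered.
    if hashlib.sha256(resp.body).hexdigest() != expected_sha256:
        findings.append("body digest mismatch")
    return findings

# Constructed sample responses: a clean path and two tampering scenarios.
CLEAN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 10\r\n\r\n"
         + CANARY_BODY)
INJECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 10\r\n\r\n"
            + CANARY_BODY + b"<script src='http://injected.invalid/x.js'></script>")
REDIRECTED = (b"HTTP/1.1 302 Found\r\nLocation: http://lure.invalid/update.bin\r\n"
              b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("injected", INJECTED), ("redirected", REDIRECTED)):
        print(label, check_canary(sample) or ["ok"])
```

In production the raw bytes would come from a scheduled fetch through each monitored gateway; a non-empty findings list should raise an alert and trigger a firmware integrity check on the device in the path. The digest comparison alone catches any content change, so the Content-Length and redirect checks are there mainly to make the alert explain what kind of rewriting was observed.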