DKnife targets network gateways in long-running AitM campaign | CSO Online
The DKnife framework, active since at least 2019 and linked to China-nexus actors, operates at network gateways to inspect and manipulate traffic, enabling tactics like redirecting updates and disrupting security tools. This adversary-in-the-middle (AitM) framework targets a wide range of devices by hijacking legitimate software updates to deliver secondary payloads and backdoors, while also actively interfering with antivirus and PC management communications.