Chinese-Linked DKnife Framework Targets Network Edge Devices Since 2019

Cybersecurity researchers have revealed the existence of DKnife, a gateway surveillance and adversary-in-the-middle (AitM) attack framework exploited by threat actors linked to China since at least 2019. The framework includes seven Linux-based implants designed to perform deep packet inspection, manipulate traffic, and deliver malware through routers and peripheral devices. The primary targets appear to be edge network equipment.