Threat Intelligence5 min read
Talos Exposes DKnife: China-Linked Router AitM Framework
Seven-implant Linux toolkit intercepts traffic on compromised routers, delivering ShadowPad and hijacking Android updates. Active C2 infrastructure dates to 2019.
Alex KowalskiFeb 6, 2026