Abstract The People’s Republic of China-nexus threat actors have deployed DKnife, a sophisticated, modular adversary-in-the-middle (AiTM) framework since at least 2019, with command-and-control infrastructure remaining operational as of January 2026. Discovered by Cisco Talos during analysis of DarkNimbus backdoor distribution, DKnife comprises seven Linux-based implants designed to compromise network gateways, routers, and edge devices, enabling … Leggi tutto China-Nexus Adversary-in-the-Middle (AiTM) Framework for Network Gateway Espionage and Malware Delivery