Key Findings DKnife is a gateway-monitoring and adversary-in-the-middle (AitM) framework operated by China-nexus threat actors since at least 2019 It comprises seven Linux-based implants designed for deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices The framework's primary targets appear to be Chinese-speaking users, based on the presence of credential harvesting phishing pages for Chinese email services and exfiltration modules f
