Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
Spellbinder used since 2022 to hijack Chinese software updates via IPv6 spoofing, enabling AitM attacks.
More info