StormBamboo Hacking Group Hacked an ISP to Inject Malware into Software Updates
The Chinese hacking group StormBamboo has compromised an ISP to inject malware into automatic software updates. Also known as Evasive Panda, Daggerfly, and StormCloud, the group has targeted organizations in China, Hong Kong, Macao, Nigeria, and Southeast Asia since 2012. Volexity researchers revealed that the group exploited insecure HTTP update mechanisms lacking digital signature validation to deploy malware on Windows and macOS devices. The attackers intercepted and modified victims' DNS requests, redirecting them to malicious IP addresses to deliver the malware without user interaction.
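
A detection example added here, not taken from Volexity or the original article: it flags plain-HTTP downloads of update payloads and raises the severity when the destination came from a DNS answer outside the networks expected for that update host. The hostnames, addresses, log layouts and the EXPECTED_NETS baseline are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed baseline (assumption): networks each update host should resolve
# into, e.g. built from answers obtained over a trusted resolver path.
EXPECTED_NETS = {
    "updates.vendor.example": [ipaddress.ip_network("192.0.2.0/24")],
    "dl.player.example": [ipaddress.ip_network("198.51.100.0/24")],
}
# Constructed DNS answer log: (client, queried name, answer IP).
DNS_LOG = [
    ("10.0.0.5", "updates.vendor.example", "192.0.2.10"),
    ("10.0.0.7", "updates.vendor.example", "203.0.113.66"),
    ("10.0.0.7", "dl.player.example", "198.51.100.20"),
    ("10.0.0.9", "www.unrelated.example", "203.0.113.5"),
]
# Constructed proxy/flow log: (client, destination IP, requested URL).
HTTP_LOG = [
    ("10.0.0.5", "192.0.2.10", "https://updates.vendor.example/v2/setup.exe"),
    ("10.0.0.7", "203.0.113.66", "http://updates.vendor.example/v2/setup.exe"),
    ("10.0.0.7", "198.51.100.20", "http://dl.player.example/latest.pkg"),
]
PAYLOAD_EXT = (".exe", ".msi", ".pkg", ".dmg", ".zip")

def unexpected_answers(dns_log, expected):
    """Return (client, name, ip) for watched hosts answered outside baseline."""
    hits = set()
    for client, name, answer in dns_log:
        nets = expected.get(name)
        if nets is None:
            continue  # not an update host we track
        ip = ipaddress.ip_address(answer)
        if not any(ip in net for net in nets):
            hits.add((client, name, answer))
    return hits

def find_suspect_updates(dns_log, http_log, expected):
    """Flag cleartext payload fetches; 'high' if DNS for them looked redirected."""
    bad = unexpected_answers(dns_log, expected)
    findings = []
    for client, dst, url in http_log:
        u = urlsplit(url)
        if u.scheme != "http" or not u.path.lower().endswith(PAYLOAD_EXT):
            continue
        severity = "high" if (client, u.hostname, dst) in bad else "info"
        findings.append((severity, client, u.hostname, dst))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_updates(DNS_LOG, HTTP_LOG, EXPECTED_NETS):
        print(finding)
```

The "info" findings mark updaters that still fetch payloads over HTTP; whether they validate a digital signature before installing has to be checked per product.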