
DeFi Strengthens Security, Reducing Crypto Thefts by 25% While Total Hacks Exceed $2 Billion in 2024
Cyber Security
Zaker Adham
02 October 2024
03 August 2024 | Zaker Adham
Summary
A Chinese hacking group known as StormBamboo has infiltrated an unnamed internet service provider (ISP) to corrupt automatic software updates with malware. Also referred to as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting entities in China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.
On Friday, Volexity threat researchers disclosed that the group exploited insecure HTTP software update mechanisms, which lacked digital signature validation, to deploy malware on Windows and macOS devices. The attackers intercepted and altered victims' DNS requests, redirecting them to malicious IP addresses. This allowed the malware to be delivered from StormBamboo's command-and-control servers without user interaction.
Volexity's blog post noted that StormBamboo targeted multiple software vendors using insecure update processes. The researchers notified the ISP, which then investigated key traffic-routing devices on their network. Once the ISP rebooted and took certain network components offline, the DNS poisoning ceased.
According to BleepingComputer, after compromising the target systems, the hackers installed a malicious Google Chrome extension called ReloadText, enabling them to steal browser cookies and email data.
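As an added defensive illustration (not code from Volexity's report or from any of the affected vendors), the Go program below shows the two checks the abused updaters lacked: it refuses to fetch an update over plaintext HTTP, and it verifies an Ed25519 signature over the downloaded bytes against a vendor key embedded in the client, so a payload substituted through a poisoned DNS answer is rejected. The key pair, URL and payload contents are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net/url"
)

// UpdateManifest is what the client fetches: the update bytes plus a
// detached signature produced by the vendor's offline signing key.
type UpdateManifest struct {
	URL       string
	Payload   []byte
	Signature []byte
}

var (
	ErrPlaintextTransport = errors.New("update URL is not https")
	ErrBadSignature       = errors.New("update signature does not verify")
)

// VerifyUpdate applies the checks missing from the compromised update
// mechanisms: the download must use TLS, and the payload must carry a
// valid signature from the embedded vendor key. Content served by a
// DNS-redirected host fails the signature check regardless of transport.
func VerifyUpdate(vendorKey ed25519.PublicKey, m UpdateManifest) error {
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return ErrPlaintextTransport
	}
	if !ed25519.Verify(vendorKey, m.Payload, m.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	// Constructed for the example: a real client embeds only the public key
	// at build time; the private half stays on the vendor's signing host.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := []byte("updater-v2.bin contents")
	m := UpdateManifest{URL: "https://updates.example.com/v2", Payload: genuine, Signature: ed25519.Sign(priv, genuine)}
	fmt.Println("genuine update:", VerifyUpdate(pub, m))
	m.Payload = []byte("attacker-substituted contents") // what a redirected download would serve
	fmt.Println("tampered update:", VerifyUpdate(pub, m))
}
```

The signature check is what protects the client: even if an attacker controls name resolution for the update host, they cannot produce a signature the embedded key accepts.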