Summary:
1. Attack Overview: Chinese hacking group StormBamboo breached an undisclosed ISP to inject malware into software updates. They abused update mechanisms that fetched updates over plain HTTP and did not verify digital signatures, targeting victims' Windows and macOS devices.
2. DNS Poisoning Method: The attackers intercepted and modified DNS requests, redirecting them to malicious IP addresses. This allowed malware delivery from StormBamboo’s command-and-control servers without user interaction. The ISP’s investigation and subsequent actions stopped the DNS poisoning.
3. Malware Impact: After compromising systems, the attackers installed a malicious Google Chrome extension called ReloadText. This extension enabled them to steal browser cookies and email data, underscoring how weak software update processes (unauthenticated transport, no signature check) become a supply-chain entry point.
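The weakness in point 1 is that an updater which trusts whatever bytes its download server returns will install anything a redirected DNS answer points it at. The example below is added here to illustrate the defensive fix; it is not code from the article, from BleepingComputer, or from any of the affected vendors. It contrasts a modelled insecure flow (accept what the server sent) with a client that verifies an Ed25519 signature against a public key pinned in the binary, using only the Go standard library. All names (`Update`, `SignUpdate`, `VerifiedInstall`, `Tamper`), the version string and the payload bytes are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Update is what an update client receives from the download server, or, in an
// incident like the one summarised above, from whatever host a poisoned DNS
// answer resolves the update domain to. (Constructed type for this example.)
type Update struct {
	Version string
	Payload []byte // installer / binary bytes
	Sig     []byte // Ed25519 signature over Version || 0x00 || Payload, made by the vendor
}

// signedMessage binds the version label to the payload so a validly signed old
// payload cannot be re-served under a different version string.
func signedMessage(u Update) []byte {
	msg := []byte(u.Version)
	msg = append(msg, 0) // separator so version/payload boundaries cannot shift
	return append(msg, u.Payload...)
}

// SignUpdate is the vendor-side release step: sign with the release private key.
func SignUpdate(priv ed25519.PrivateKey, version string, payload []byte) Update {
	u := Update{Version: version, Payload: payload}
	u.Sig = ed25519.Sign(priv, signedMessage(u))
	return u
}

// InsecureInstall models the weak flow from the summary: transport is plain HTTP
// and nothing is verified, so whatever the (possibly redirected) server returned
// is accepted as the update.
func InsecureInstall(u Update) (bool, error) {
	return true, nil
}

// VerifiedInstall models the corrected flow: the client trusts only a public key
// compiled into the binary, never a key, URL or hash obtained from the network,
// so a substituted payload fails regardless of which host served it.
func VerifiedInstall(pinnedPub ed25519.PublicKey, u Update) (bool, error) {
	if len(pinnedPub) != ed25519.PublicKeySize {
		return false, errors.New("pinned public key has wrong size")
	}
	if len(u.Sig) != ed25519.SignatureSize {
		return false, errors.New("update carries no usable signature: refusing to install")
	}
	if !ed25519.Verify(pinnedPub, signedMessage(u), u.Sig) {
		return false, errors.New("signature does not verify against pinned key: refusing to install")
	}
	return true, nil
}

// Tamper returns a copy of u with the payload swapped but the original signature
// kept, which is what a client sees when a hostile host serves the download.
func Tamper(u Update, otherPayload []byte) Update {
	return Update{Version: u.Version, Payload: otherPayload, Sig: u.Sig}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // release key pair (constructed)
	if err != nil {
		panic(err)
	}
	genuine := SignUpdate(priv, "2.0.1", []byte("constructed sample: legitimate installer bytes"))
	swapped := Tamper(genuine, []byte("constructed sample: bytes served by a redirected host"))

	for _, u := range []Update{genuine, swapped} {
		ins, _ := InsecureInstall(u)
		ver, verr := VerifiedInstall(pub, u)
		fmt.Printf("version=%s insecure_accepts=%v verified_accepts=%v err=%v\n", u.Version, ins, ver, verr)
	}
}
```

Run it with `go run .` and the second line shows the swapped payload accepted by the insecure flow and rejected by the verifying one. The verification is deliberately independent of the transport: moving the download to HTTPS helps, but only a pinned-key signature check stops a payload substituted at the network layer from being installed.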
Read more at: bleepingcomputer.com