StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Volexity detected and responded to multiple incidents involving systems infected with malware linked to StormBamboo, a threat actor known for compromising internet service providers (ISPs) and poisoning DNS responses so that software update traffic is redirected to attacker-controlled servers hosting malicious payloads. The actor abused software update mechanisms that fetched updates over plain HTTP, which gives the client no way to authenticate the server it reached, and used them to surreptitiously install malware, including new variants of MACMA and POCOSTICK, on victim machines running macOS and Windows. Post-exploitation activity included deploying a malicious browser extension to exfiltrate victims' email data. The incidents highlight StormBamboo's sophisticated tradecraft and the risk posed by update mechanisms that rely on an unauthenticated transport.
OPENCTI LABELS :
malware,dazzlespy,macma,reloadext,dns poisoning,osx.cdds,pocostick,insecure updates
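As an added illustration, not code from Volexity's report or from any vendor whose updater was abused, the following Go program contrasts the update-client pattern StormBamboo relied on (fetch over plain HTTP, install if the version number is newer) with a client that verifies an Ed25519 signature against a key pinned in the binary and refuses downgrades. The DNS poisoning is modelled as a boolean, the payload strings and the choice of Ed25519 are assumptions of the example, and the attacker, lacking the vendor's private key, can only sign with a key of their own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what an update server hands back: version, payload and, for the
// signed scheme, a detached signature over version||payload.
type Update struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

// fetchUpdate models "resolve the vendor's update host, then GET over plain
// HTTP". Under ISP-level DNS poisoning the name resolves to the attacker's
// server and, since HTTP authenticates nothing, the attacker's body comes back.
func fetchUpdate(dnsPoisoned bool, legit, malicious Update) Update {
	if dnsPoisoned {
		return malicious
	}
	return legit
}

// insecureApply is the pattern the attack abuses: install whatever arrived
// over HTTP as long as its version number is newer.
func insecureApply(installed uint32, u Update) ([]byte, error) {
	if u.Version <= installed {
		return nil, errors.New("not newer than installed version")
	}
	return u.Payload, nil // would be written to disk and executed
}

// signedMessage binds the version into the signed bytes so a genuine old
// payload cannot be re-served under a newer version number.
func signedMessage(version uint32, payload []byte) []byte {
	msg := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, payload...)
}

// secureApply verifies an Ed25519 signature with a key pinned in the client
// before anything else, so neither DNS nor the transport has to be trusted,
// then refuses downgrades and replays of older signed builds.
func secureApply(pinned ed25519.PublicKey, installed uint32, u Update) ([]byte, error) {
	if !ed25519.Verify(pinned, signedMessage(u.Version, u.Payload), u.Sig) {
		return nil, errors.New("bad signature: refusing update")
	}
	if u.Version <= installed {
		return nil, errors.New("downgrade or replay: refusing update")
	}
	return u.Payload, nil
}

// Result records what each client ended up installing.
type Result struct {
	InsecureInstalledMalware bool // HTTP client, poisoned DNS
	SecureInstalledMalware   bool // signed client, poisoned DNS
	SecureInstalledLegit     bool // signed client, honest DNS
	SecureRejectedReplay     bool // signed client offered a genuine but old build
}

// RunScenario signs a legitimate update with a fresh vendor key, builds an
// attacker update signed with the attacker's own key (they do not hold the
// vendor key), and runs both clients against poisoned and honest DNS.
// All payload strings are constructed for the illustration.
func RunScenario() (Result, error) {
	var r Result
	vendorPub, vendorPriv, err1 := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return r, errors.New("key generation failed")
	}
	sign := func(k ed25519.PrivateKey, v uint32, p string) Update {
		return Update{Version: v, Payload: []byte(p), Sig: ed25519.Sign(k, signedMessage(v, []byte(p)))}
	}
	const installed = 1
	legit := sign(vendorPriv, 2, "vendor build 2.0")
	malicious := sign(attackerPriv, 3, "dropper")
	served := fetchUpdate(true, legit, malicious)
	p, err := insecureApply(installed, served)
	r.InsecureInstalledMalware = err == nil && string(p) == "dropper"
	_, err = secureApply(vendorPub, installed, served)
	r.SecureInstalledMalware = err == nil
	p, err = secureApply(vendorPub, installed, fetchUpdate(false, legit, malicious))
	r.SecureInstalledLegit = err == nil && string(p) == "vendor build 2.0"
	_, err = secureApply(vendorPub, installed, sign(vendorPriv, 1, "vendor build 1.0"))
	r.SecureRejectedReplay = err != nil
	return r, nil
}

func main() { fmt.Println(RunScenario()) }
```

Moving the transport to HTTPS narrows the attack but does not replace the signature check: a pinned public key protects the client even when DNS and the network path are both hostile, and binding the version into the signed message is what stops a genuine but older build from being replayed against the client.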