China-Linked Hackers Breach ISP, Steal Customer Passwords and Files

China-linked hackers Evasive Panda compromised an ISP to push malware via software updates.

By Al Landes


Key Takeaways

  • China-linked hackers Evasive Panda compromised an ISP to deliver malware via software updates.
  • The malware, including MgBot and MACMA, stole customer passwords, files, and browser data.
  • Developers must use secure HTTPS for updates and enforce integrity checks to prevent similar attacks.

A recent cyberattack compromised an unnamed internet service provider (ISP), allowing the China-linked threat actor Evasive Panda to push malicious software updates to target companies, according to Ars Technica. The attackers stole sensitive information from customers, including passwords and files.

Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, has been active since at least 2012, as reported by The Hacker News. They’ve orchestrated watering hole and supply chain attacks targeting Tibetan users and an international NGO in Mainland China.

The hackers poisoned DNS responses at the ISP to redirect user traffic to malicious websites. PCMag points out that they delivered malware such as MgBot and MACMA, which can remotely take screenshots, capture keystrokes, and steal data.

Volexity, a cybersecurity firm, discovered the infection while investigating a hack at an unnamed organization. “We traced it back to the ISP level, where we found a DNS poisoning attack,” said Steven Adair, Founder and President of Volexity.

The attack chain involves manipulating DNS query responses for domains tied to automatic software update mechanisms. The hackers targeted software that fetches updates over insecure HTTP or lacks adequate integrity checks on what it downloads. By intercepting those DNS requests and answering them with attacker-controlled IP addresses, they redirected the update traffic to malicious hosts.

On macOS devices, the hackers also deployed a malicious Google Chrome extension. It modified the Secure Preferences file to exfiltrate browser cookies to a Google Drive account controlled by the adversary.

Volexity worked with the ISP to remediate the attack. The DNS poisoning immediately stopped once the ISP rebooted and took various network components offline.

This incident highlights the growing sophistication of Evasive Panda. It underscores the importance of using secure HTTPS protocols for software updates and enforcing integrity checks on installers. As threat actors continue to evolve, improved cybersecurity measures will be crucial to protect against similar attacks in the future.
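The attack chain and the mitigation described above (DNS answers rewritten for an update domain; HTTPS plus integrity checks as the defence) can be shown side by side in a small simulation. The code below is an added example, not code from the article, from Volexity, or from any affected vendor: there is no real network, the hostname, IP addresses, key fingerprints and installer bytes are constructed, and a poisoned resolver answer is modelled by rewriting a hostname-to-IP table. TLS is reduced to a public-key fingerprint the server presents and the client pins; an HTTP client has nothing to compare against and installs whatever the resolved host serves, while the HTTPS client refuses the rogue host, and a separate hash check catches an installer that was swapped behind a genuine manifest.

```python
"""Constructed simulation of a software updater facing DNS poisoning.

Added example, not from the article or any vendor. No real sockets: the
network is a hostname -> IP table plus a dict of simulated sites. All
hosts, addresses, fingerprints and file contents are made up.
"""
import hashlib
import json
from typing import Optional, Tuple

UPDATE_HOST = "updates.vendor.example"   # constructed hostname
LEGIT_IP = "203.0.113.10"                # constructed (documentation range)
ROGUE_IP = "198.51.100.77"               # constructed (documentation range)

LEGIT_INSTALLER = b"vendor installer 2.0 (constructed bytes)"
ROGUE_INSTALLER = b"trojanised installer (constructed bytes)"
PINNED_FINGERPRINT = "fp-vendor-key"     # vendor key pin shipped in the client


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_site(fingerprint: str, installer: bytes) -> dict:
    """A simulated update site: the TLS key fingerprint it presents and the
    files it serves. Its manifest carries the hash of its own installer."""
    manifest = json.dumps({"version": "2.0", "sha256": sha256_hex(installer)})
    return {"fingerprint": fingerprint,
            "files": {"manifest.json": manifest.encode(), "installer.bin": installer}}


# The rogue site mirrors the real layout exactly; only its TLS key differs,
# because poisoning DNS does not give the attacker the vendor's private key.
SITES = {
    LEGIT_IP: make_site("fp-vendor-key", LEGIT_INSTALLER),
    ROGUE_IP: make_site("fp-attacker-key", ROGUE_INSTALLER),
}


class Resolver:
    """Stand-in for the ISP's recursive resolver."""

    def __init__(self) -> None:
        self.table = {UPDATE_HOST: LEGIT_IP}

    def resolve(self, host: str) -> str:
        return self.table[host]


def poison(resolver: Resolver) -> None:
    """Model the attack: the update domain now resolves to the rogue host."""
    resolver.table[UPDATE_HOST] = ROGUE_IP


def fetch(resolver: Resolver, url: str, pinned: Optional[str] = None,
          sites: dict = SITES) -> bytes:
    """Resolve, 'connect' and download one file. Over https the peer's key
    fingerprint must match the pin; over http nothing authenticates the peer."""
    scheme, rest = url.split("://", 1)
    host, path = rest.split("/", 1)
    site = sites[resolver.resolve(host)]
    if scheme == "https" and site["fingerprint"] != pinned:
        raise ConnectionError("TLS key does not match pinned vendor key")
    return site["files"][path]


def insecure_update(resolver: Resolver, sites: dict = SITES) -> bytes:
    """Plain-HTTP updater with no integrity check: whatever the resolved
    host serves is what gets installed."""
    fetch(resolver, f"http://{UPDATE_HOST}/manifest.json", sites=sites)
    return fetch(resolver, f"http://{UPDATE_HOST}/installer.bin", sites=sites)


def secure_update(resolver: Resolver,
                  sites: dict = SITES) -> Tuple[bool, str, Optional[bytes]]:
    """HTTPS with a pinned key for both downloads, then a hash check of the
    installer against the manifest. Returns (accepted, reason, installer)."""
    try:
        manifest = json.loads(fetch(resolver, f"https://{UPDATE_HOST}/manifest.json",
                                    PINNED_FINGERPRINT, sites))
        installer = fetch(resolver, f"https://{UPDATE_HOST}/installer.bin",
                          PINNED_FINGERPRINT, sites)
    except ConnectionError as exc:
        return False, str(exc), None
    if sha256_hex(installer) != manifest["sha256"]:
        return False, "installer hash does not match manifest", None
    return True, "ok", installer


if __name__ == "__main__":
    r = Resolver()
    print("clean resolver, http :", insecure_update(r))
    print("clean resolver, https:", secure_update(r)[:2])
    poison(r)
    print("poisoned, http       :", insecure_update(r))
    print("poisoned, https      :", secure_update(r)[:2])
```

The two layers do different jobs: the pinned key stops the client from ever talking to the rogue host, while the manifest hash catches a payload that was replaced somewhere the channel check does not cover, such as a mirror that serves the installer separately from a genuine manifest. A real updater would replace the string fingerprint with certificate or public-key pinning in its TLS stack and would verify a signature on the manifest rather than trusting it solely because it arrived over the pinned connection.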

Image credit: Wikimedia

