• Hackers breach ISP to poison software updates with malware


    #2693331

    “A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware.

    “Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.

    “On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn’t validate digital signatures to deploy malware payloads on victims’ Windows and macOS devices.”

    https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/

    ====================================================

    Oh, brother, I was dreading this kind of stuff; messing with stuff like DNS and BGP, and the rest of the parts of the Net that are held together by some really sturdy pieces of 30-year-old legacy masking tape and rubber bands. If this gets loose in the rest of the world... aieee...

    Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
    --
    "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

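    The article's key technical point is that the abused updaters fetched over plain HTTP and never checked a signature, so anyone on path (here, a compromised ISP) could hand back a different file. As an added example, not code from the article, from Volexity, or from any of the posters, the Go program below models the check that was missing: the client accepts a downloaded payload only if a manifest signed by a pinned vendor key matches the payload's SHA-256. The Ed25519 key pairs, the version string and the payload bytes are all constructed for the example; Scenario() plays the four responses an on-path attacker could return and reports which ones the client accepts.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is what the vendor publishes next to the update payload. The
// client validates Signature with a public key compiled into the binary,
// so no key material is ever fetched over the (possibly hostile) network.
type Manifest struct {
	Version    string
	PayloadSHA [32]byte // SHA-256 of the payload bytes
	Signature  []byte   // Ed25519 signature over signedBytes(Version, PayloadSHA)
}

// signedBytes is the exact message the vendor signs. Binding the version
// into it stops an attacker from pairing an old signed manifest with a
// different version string.
func signedBytes(version string, sum [32]byte) []byte {
	return append([]byte(version+"\n"), sum[:]...)
}

// SignManifest runs on the vendor's build host. It is included only so the
// example is self-contained; a real client never holds the private key.
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	return Manifest{
		Version:    version,
		PayloadSHA: sum,
		Signature:  ed25519.Sign(priv, signedBytes(version, sum)),
	}
}

var ErrUntrusted = errors.New("update rejected: bad signature or payload hash")

// VerifyUpdate is the client-side check the abused updaters did not perform.
// Both conditions must hold: the manifest verifies under the pinned vendor
// key, and the downloaded payload hashes to the value inside that manifest.
// Whether the bytes arrived over HTTP or HTTPS does not matter to this check;
// an on-path attacker can replace bytes but cannot forge the signature.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.PayloadSHA), m.Signature) {
		return ErrUntrusted
	}
	sum := sha256.Sum256(payload)
	if !bytes.Equal(sum[:], m.PayloadSHA[:]) {
		return ErrUntrusted
	}
	return nil
}

// Scenario models what a compromised ISP can do to a plain-HTTP update fetch:
// return the genuine files, swap only the payload, rewrite the manifest hash
// too, or replace everything with files signed by the attacker's own key.
// It returns whether the verifying client accepted each response.
func Scenario() map[string]bool {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample payloads standing in for an installer binary.
	genuine := []byte("updater-v2.1.0: genuine vendor build\n")
	backdoored := []byte("updater-v2.1.0: trojanised build from on-path attacker\n")
	manifest := SignManifest(vendorPriv, "2.1.0", genuine)

	results := map[string]bool{}
	// 1. Honest path: genuine manifest and genuine payload.
	results["genuine"] = VerifyUpdate(vendorPub, manifest, genuine) == nil
	// 2. Attacker swaps only the payload; its hash no longer matches the manifest.
	results["payload_swapped"] = VerifyUpdate(vendorPub, manifest, backdoored) == nil
	// 3. Attacker also rewrites the manifest hash, which breaks the vendor signature.
	forged := manifest
	forged.PayloadSHA = sha256.Sum256(backdoored)
	results["manifest_hash_rewritten"] = VerifyUpdate(vendorPub, forged, backdoored) == nil
	// 4. Attacker re-signs a self-consistent manifest with a key the client does not trust.
	resigned := SignManifest(attackerPriv, "2.1.0", backdoored)
	results["attacker_resigned"] = VerifyUpdate(vendorPub, resigned, backdoored) == nil
	return results
}

func main() {
	for name, accepted := range Scenario() {
		fmt.Printf("%-24s accepted=%v\n", name, accepted)
	}
}
```

    Only the first case is accepted; the other three are the substitutions the article describes, and each is rejected before anything is written to disk or executed. Moving the download to HTTPS would still be worthwhile (it also stops the attacker from seeing which clients are updating), but the signature check is what makes the ISP position useless to them.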
    • #2693464

      The attack vectors are 3rd party apps that are either not required (built-in equivalents) or have security holes in them. Nothing to fear for most non-Chinese-language users.

      Another clickbait article. 🙁

      cheers, Paul

    • #2693505

      It's always been best not to use DNS from your ISP. Also best to use the new secure DNS rather than old-style insecure DNS.

      If you have a good router, it will be able to do secure DNS for your entire home LAN.

      Windows 10 users cannot do secure DNS system-wide, only in their browsers. Windows 11 users can do secure DNS system-wide. Well, sort of system-wide: there is one Windows 11 DNS config for Wifi and another for Ethernet.

      More here https://www.routersecurity.org/testdns.php

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #2693531

      Another clickbait article. 🙁

      Bleeping usually doesn’t run clickbait. Would you mind quoting your sources for your assertions? I’m always willing to be educated.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      • #2693733

        I read the article to find the details of the claims. I found it to be a collection of old information and poorly defined claims. My score for that article is “clickbait”.

        cheers, Paul

        • #2694208

          Well, the fellow who wrote the article, according to the bio on his Bleeping page:

          “Sergiu (Gatlan) is a news reporter who has covered the latest cybersecurity and technology developments for over a decade.”

          He’s got articles at Bleeping from Jan 2019 on, and has some creds elsewhere on the net.

          I think we may be differing on terminology. Everyone has a bad day. All writers (speaking as a semi-retired one) have written dogs, even the famous quill-drivers. I think “sloppily or badly written and researched” might be more appropriate than “clickbait”, as one implies human fallibility, and the other implies intent.

          Maybe The Editor (“The lord of law on the throne of thought”) didn’t run it through his golden sieve. 😉 Maybe he did, and was snoring. Who knows.

          Not that Bleeping can’t drift into the sensationalistic, IMHO; I’ve caught them doing that a couple of times. Still, I hesitate to ascribe malignancy to that which can be attributed to human error, fatigue or sloppiness.

          It would be a sad old world if we all agreed on everything all the time.

          Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
          --
          "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

          • #2694225

            Wasn’t assigning blame, just scoring as an aid to those who may not be up on the tech details. 🙂

            cheers, Paul
