StormBamboo Abuses ISP to Push Malware via Software Updates

Amber | Attack Report

The StormBamboo group executed a sophisticated attack by compromising an ISP and using DNS poisoning to redirect software-update requests to attacker-controlled servers, which delivered the MACMA and POCOSTICK malware to macOS and Windows systems. The malware facilitated data exfiltration and installed a stealthy browser extension for persistent access. The attack succeeded because the targeted update mechanisms were insecure, highlighting the need for robust integrity checks on downloaded updates and enhanced DNS security.
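The mitigation the summary points to, integrity checks on updates, works only if the check does not depend on the network path: a client that trusts whatever host DNS resolves to is exactly what a poisoned resolver defeats. The following Go program is an added example, not code from HivePro or from any affected vendor; it shows a client that verifies an update against a public key pinned in the binary, so a redirected download (swapped payload, or a manifest signed with some other key) is rejected before anything is installed. The `UpdateManifest` layout and the sample payloads are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest is a hypothetical, constructed format: the vendor signs the
// version string and the SHA-256 of the payload. The client checks that
// signature against a pinned key, so the host it downloaded from is irrelevant.
type UpdateManifest struct {
	Version   string
	SHA256Hex string
	Signature []byte // ed25519 signature over Version + "\n" + SHA256Hex
}

func manifestBytes(version, shaHex string) []byte {
	return []byte(version + "\n" + shaHex)
}

// SignManifest is the vendor side; it runs on the release pipeline, never on the client.
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) UpdateManifest {
	sum := sha256.Sum256(payload)
	shaHex := hex.EncodeToString(sum[:])
	return UpdateManifest{
		Version:   version,
		SHA256Hex: shaHex,
		Signature: ed25519.Sign(priv, manifestBytes(version, shaHex)),
	}
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against pinned vendor key")
	ErrHashMismatch = errors.New("payload hash does not match signed manifest")
)

// VerifyUpdate is the client side. pinnedPub is compiled into the client (or
// carried over from the previous trusted release). Everything fetched from the
// network, the manifest included, is untrusted until it passes both checks.
func VerifyUpdate(pinnedPub ed25519.PublicKey, m UpdateManifest, payload []byte) error {
	// 1. Is this manifest really from the vendor? Covers the version field too,
	//    so an old signed manifest cannot be replayed under a new version label.
	if !ed25519.Verify(pinnedPub, manifestBytes(m.Version, m.SHA256Hex), m.Signature) {
		return ErrBadSignature
	}
	// 2. Is the payload we actually received the one the vendor signed?
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	// Constructed sample: a vendor key pair and a pretend update payload.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := []byte("genuine update payload v2.0.1")
	m := SignManifest(priv, "2.0.1", genuine)
	fmt.Println("genuine update:   ", VerifyUpdate(pub, m, genuine))

	// A redirected download returns a different file under the same URL.
	fmt.Println("swapped payload:  ", VerifyUpdate(pub, m, []byte("tampered payload")))

	// A redirected manifest, signed with a key that is not the pinned one.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := SignManifest(otherPriv, "2.0.1", []byte("tampered payload"))
	fmt.Println("foreign signature:", VerifyUpdate(pub, forged, []byte("tampered payload")))
}
```

The design point is the order of trust: the key is pinned ahead of time, the manifest is authenticated by that key, and the payload is authenticated by the manifest. DNS, TLS certificates for the download host, and the update server itself never appear in the decision, which is what makes an ISP-level redirection insufficient on its own to install a modified update.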
