Chinese hacker group StormBamboo compromises internet provider to hijack software updates

StormBamboo Cyberattacks

An unnamed internet service provider (ISP) recently fell victim to StormBamboo, a China-aligned espionage group also tracked as Evasive Panda, Daggerfly, and StormCloud. The group is known for abusing software update mechanisms to deliver malware and has been active since at least 2012.

Its targets are concentrated in China, Hong Kong, Macao, Nigeria, and parts of Southeast and East Asia, but its operations are not limited to those regions. They have resulted in data breaches, the theft of sensitive information, and economic disruption, raising concerns about global network security.

Security researchers at Volexity recently uncovered evidence of the group's activity. StormBamboo abuses software update checks that run over unencrypted HTTP to push malware to both Windows and macOS machines. Its targets are mostly in the information technology and finance sectors, primarily in Asia. In this campaign the group deployed the MACMA (macOS) and POCOSTICK (Windows) malware families.

StormBamboo carried out the attacks by poisoning DNS responses at the compromised ISP, so that hostnames queried by the victims' software resolved to attacker-controlled IP addresses. Because the update requests were sent over plain HTTP with no signature check, the software downloaded the group's malware directly from its servers. Whoever controls the DNS answer for an unauthenticated update check controls the payload.

StormBamboo’s persistent cyberattacks on global networks

In one instance, the group intercepted update requests from the 5KPlayer media player and answered them with a backdoored installer served from its own infrastructure. A compromise at the ISP level affects every customer relying on that provider's DNS, which is why this incident has renewed calls for stronger cybersecurity measures and frameworks.
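To make the mechanism concrete, here is an added example written for this page (not code from Volexity, from StormBamboo's tooling, or from any vendor) that simulates the attack offline in Go. A resolver map stands in for DNS: one entry is the genuine vendor origin, the other an attacker origin that mimics it, and two update clients query whichever the resolver names. The hostname, URL paths, manifest format and installer bytes are all constructed for the example. The insecure client mirrors the pattern the article describes (plain HTTP, no signature) and accepts whatever the poisoned answer serves, even though it checks a hash, because the attacker supplies the hash too; the hardened client pins the vendor's Ed25519 public key and refuses the forged manifest.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Server stands in for one HTTP origin (URL path -> body); Resolver maps a
// hostname to an origin. The poisoned resolver plays the hijacked ISP DNS.
type Server map[string][]byte
type Resolver map[string]Server
const updateHost = "updates.example-vendor.invalid" // assumed, not a real domain

// httpGet models a plain-HTTP fetch: whoever DNS names answers, unauthenticated.
func httpGet(r Resolver, host, path string) ([]byte, error) {
	if body, ok := r[host][path]; ok {
		return body, nil
	}
	return nil, fmt.Errorf("no response for http://%s%s", host, path)
}

// Manifest layout (constructed for this example): "version\npath\nsha256hex\n".
func makeManifest(version, path string, installer []byte) []byte {
	sum := sha256.Sum256(installer)
	return []byte(version + "\n" + path + "\n" + hex.EncodeToString(sum[:]) + "\n")
}

// fetchInstaller downloads the file a manifest names and checks its hash. That
// binds installer to manifest, but says nothing about who wrote the manifest.
func fetchInstaller(r Resolver, manifest []byte) ([]byte, error) {
	f := strings.Split(strings.TrimSpace(string(manifest)), "\n")
	if len(f) != 3 {
		return nil, fmt.Errorf("malformed manifest")
	}
	body, err := httpGet(r, updateHost, f[1])
	if err != nil {
		return nil, err
	}
	if got := sha256.Sum256(body); hex.EncodeToString(got[:]) != f[2] {
		return nil, fmt.Errorf("installer hash mismatch")
	}
	return body, nil
}

// InsecureUpdate is the weak pattern: manifest and installer over plain HTTP, no
// signature. The hash check passes because the attacker served the manifest too.
func InsecureUpdate(r Resolver) ([]byte, error) {
	manifest, err := httpGet(r, updateHost, "/update.txt")
	if err != nil {
		return nil, err
	}
	return fetchInstaller(r, manifest)
}

// SecureUpdate pins the vendor's Ed25519 public key in the client and refuses
// any manifest that key did not sign, so controlling DNS is no longer enough.
func SecureUpdate(r Resolver, vendorPub ed25519.PublicKey) ([]byte, error) {
	manifest, err := httpGet(r, updateHost, "/update.txt")
	if err != nil {
		return nil, err
	}
	sig, err := httpGet(r, updateHost, "/update.txt.sig")
	if err != nil || !ed25519.Verify(vendorPub, manifest, sig) {
		return nil, fmt.Errorf("manifest signature missing or invalid: refusing update")
	}
	return fetchInstaller(r, manifest)
}

type Scenario struct {
	Honest, Poisoned Resolver
	VendorPub        ed25519.PublicKey
}

// NewScenario builds a genuine vendor origin and an attacker origin that mimics
// it; the attacker signs with its own key because it lacks the vendor's.
func NewScenario() *Scenario {
	vendorPub, vendorPriv, err1 := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic(fmt.Sprintf("key generation failed: %v %v", err1, err2))
	}
	good := []byte("player-setup.exe (genuine, constructed)")
	evil := []byte("player-setup.exe (backdoored, constructed)")
	goodMan, evilMan := makeManifest("6.9", "/player-setup.exe", good), makeManifest("6.9.1", "/player-setup.exe", evil)
	vendor := Server{"/update.txt": goodMan, "/update.txt.sig": ed25519.Sign(vendorPriv, goodMan), "/player-setup.exe": good}
	attacker := Server{"/update.txt": evilMan, "/update.txt.sig": ed25519.Sign(attackerPriv, evilMan), "/player-setup.exe": evil}
	return &Scenario{Honest: Resolver{updateHost: vendor}, Poisoned: Resolver{updateHost: attacker}, VendorPub: vendorPub}
}

func main() {
	s := NewScenario()
	ins, _ := InsecureUpdate(s.Poisoned)
	_, secErr := SecureUpdate(s.Poisoned, s.VendorPub)
	fmt.Printf("poisoned DNS: insecure client installed %q; hardened client: %v\n", ins, secErr)
}
```

Run it with `go run` to see the outcome under poisoned DNS. The design point is that a hash or version check inside an unauthenticated channel adds nothing, because the party that controls the channel also controls the check. Either the transport must authenticate the server (HTTPS with certificate validation) or the update metadata must be signed with a key the client already holds, as the hardened client does here.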

Once a machine was infected, the attackers installed a malicious Google Chrome extension named ReloadText, which allowed them to steal browser cookies and mail data. Volexity noted that the group uses several techniques to target software vendors whose update mechanisms are insecure. In the aftermath, there have been calls for stricter security measures and closer scrutiny of such vulnerabilities.

The affected ISP, working with Volexity, was able to stop the DNS poisoning. The incident echoes earlier activity attributed to StormBamboo and underscores the need for prompt response and robust defences against such threats. Symantec's threat hunting team has separately linked the same group to a breach of an American NGO based in China and to attacks on several Taiwanese organisations.

Given the growing sophistication of such attacks, a comprehensive defensive strategy is more urgent than ever. The incident underscores the responsibility of software vendors to deliver updates only over authenticated channels, such as HTTPS with certificate validation or signed update metadata verified by the client, and to be ready to detect and mitigate abuse quickly.
