China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Briefly

StormBamboo is a highly skilled and aggressive threat actor that compromises third parties (in this case, an ISP) to breach its intended targets. The variety of malware employed indicates that significant effort is invested, with supported payloads for macOS, Windows, and network appliances.
Evasive Panda is known for using backdoors like MgBot and Nightdoor, as well as the recent MACMA malware strain. They have a track record of supply chain attacks, targeting NGOs and Tibetan users.
Volexity confirmed that Evasive Panda's DNS poisoning attack, carried out via the compromised ISP, was behind the trojanized updates distributed to companies. The attack targeted insecure update mechanisms.
Read at The Hacker News