워드프레스 "콘텐츠 열람 전 자동 광고 시스템"을 통해, 특정 웹페이지를 열람하기 위해 먼저 봐야 하는 사전 광고를 원하는 위치에 자유롭게 배치/설정할 수 있습니다
Hackers infect ISPs with malware that steals customers’ credentials - Kims Media Press "Enter" to skip to content

Hackers infect ISPs with malware that steals customers’ credentials

Hackers infect ISPs with malware that steals customers’ credentials

Enlarge (credit: Getty Images)

Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers, researchers said Tuesday.

The vulnerability resides in the Versa Director, a virtualization platform that allows ISPs and managed service providers to manage complex networking infrastructures from a single dashboard, researchers from Black Lotus Labs, the research arm of security firm Lumen, said. The attacks, which began no later than June 12 and are likely ongoing, allow the threat actors to install “VersaMem,” the name Lumen gave to a custom web shell that gives remote administrative control of Versa Director systems.

Getting admin control of ISP infrastructure

The administrative control allows VersaMem to run with the necessary privileges to hook the Versa authentication methods, meaning the web shell can hijack the execution flow to make it introduce new functions. One of the functions VersaMem added includes capturing credentials at the moment an ISP customer enters them and before they are cryptographically hashed. Once in possession of the credentials, the threat actors work to compromise the customers. Black Lotus didn’t identify any of the affected ISPs, MSPs, or downstream customers.

Read 10 remaining paragraphs | Comments



Source : https://arstechnica.com/security/2024/08/hackers-infect-isps-with-malware-that-steals-customers-credentials/