Hackers infect ISPs with malware that steals customers’ credentials

Source

Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers, researchers said Tuesday. The vulnerability resides in the Versa Director, a virtualization platform that allows ISPs and managed service providers to manage complex networking infrastructures from a single dashboard, researchers from Black Lotus Labs, the research arm of security firm Lumen, said. The attacks, which began no later than June 12 and are likely ongoing, allow the threat actors to [...]