Hackers infect ISPs with malware that steals customers’ credentials

Hackers likely backed by the Chinese government have used a high-severity vulnerability in the Versa Director virtualization platform to attack US-based internet service providers and managed service providers with malware. Black Lotus Labs reported that the attacks began in June and are possibly ongoing, targeting home office routers and small businesses. They have provided cybercriminals with remote control of affected systems and access to customer credentials, enabling them to launch subsequent attacks on customers.