{"id":56947,"date":"2024-08-27T14:44:51","date_gmt":"2024-08-27T14:44:51","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36259\/Hackers-Infect-ISPs-With-Malware-That-Steals-Customer-Credentials.html"},"modified":"2024-08-27T14:44:51","modified_gmt":"2024-08-27T14:44:51","slug":"hackers-infect-isps-with-malware-that-steals-customer-credentials","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/","title":{"rendered":"Hackers Infect ISPs With Malware That Steals Customer Credentials"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/07\/exploit-vulnerability-security-800x450.jpg\" alt=\"Hackers infect ISPs with malware that steals customers\u2019 credentials\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/08\/hackers-infect-isps-with-malware-that-steals-customers-credentials\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">34<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 9:single\/related:8e7f702b9e21eb72d2d97b70419c4218 --><!-- empty --><\/p>\n<p>Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers, researchers said Tuesday.<\/p>\n<p>The vulnerability resides in the <a href=\"https:\/\/versa-networks.com\/documents\/datasheets\/versa-director.pdf\">Versa Director<\/a>, a virtualization platform that allows ISPs and managed service providers to manage complex networking infrastructures from a single dashboard, researchers from Black Lotus Labs, the research arm of security firm Lumen, <a href=\"https:\/\/blog.lumen.com\/taking-the-crossroads-the-versa-director-zero-day-exploitation\">said<\/a>. The attacks, which began no later than June 12 and are likely ongoing, allow the threat actors to install &#8220;VersaMem,\u201d the name Lumen gave to a custom web shell that gives remote administrative control of Versa Director systems.<\/p>\n<h2>Getting admin control of ISP infrastructure<\/h2>\n<p>The administrative control allows VersaMem to run with the necessary privileges to hook the Versa authentication methods, meaning the web shell can hijack the execution flow to make it introduce new functions. One of the functions VersaMem added includes capturing credentials at the moment an ISP customer enters them and before they are cryptographically hashed. Once in possession of the credentials, the threat actors work to compromise the customers. Black Lotus didn\u2019t identify any of the affected ISPs, MSPs, or downstream customers.<\/p>\n<p>CVE-2024-39717, as the zero-day is tracked, is an unsanitized file upload vulnerability that allows for the injection of malicious Java files that run on the Versa systems with elevated privileges. Versa <a href=\"https:\/\/versa-networks.com\/blog\/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability\/\">patched the vulnerability<\/a> Monday after Lumen privately reported it earlier. All versions of Versa Director prior to 22.1.4 are affected. To fly under the radar, the threat actor waged their attacks through compromised small office and home office routers.<\/p>\n<p>\u201cGiven the severity of the vulnerability, the sophistication of the threat actors, the critical role of Versa Director servers in the network, and the potential consequences of a successful compromise, Black Lotus Labs considers this exploitation campaign to be highly significant,\u201d Tuesday\u2019s report <a href=\"https:\/\/blog.lumen.com\/taking-the-crossroads-the-versa-director-zero-day-exploitation\">said<\/a>.<\/p>\n<p>In at least a \u201cfew cases,\u201d Black Lotus said in an email, the threat actor appeared to gain initial access to the Versa Director systems through port 4566, which Versa uses to provide what\u2019s known as <a href=\"https:\/\/academy.versa-networks.com\/docs\/configuring-and-verifying-versa-director-high-availability\/\">high-availability pairing<\/a> between nodes. Versa\u2019s advisory referred to <a href=\"https:\/\/docs.versa-networks.com\/Getting_Started\/Deployment_and_Initial_Configuration\/Deployment_Basics\/Firewall_Requirements\">these firewall requirements<\/a> first released in 2015. The advisory said: \u201cImpacted customers failed to implement system hardening and firewall guidelines mentioned above, leaving a management port exposed on the Internet that provided the threat actors with initial access.\u201d<\/p>\n<p>In Tuesday\u2019s post, Black Lotus researchers wrote:<\/p>\n<blockquote>\n<p>Black Lotus Labs initially observed anomalous traffic aligning with the possible exploitation of several US victims\u2019 Versa Director servers between at least June 12, 2024, and mid-July 2024. Based on analysis of Lumen\u2019s global telemetry, the initial access port for the compromised Versa Director systems was likely port 4566 which, according to Versa documentation, is a management port associated with high-availability (HA) pairing between Versa nodes. We identified compromised SOHO devices with TCP sessions over port 4566 which were immediately followed by large HTTPS connections over port 443 for several hours. Given that port 4566 is generally reserved for Versa Director node pairing and the pairing nodes typically communicate with this port for extended periods of time, there should not be any legitimate communications to that port from SOHO devices over short timeframes.<\/p>\n<p>We assess the short timeframe of TCP traffic to port 4566 immediately followed by moderate-to-large sessions of HTTPS traffic over port 443 from a non-Versa node IP address (e.g. SOHO device) as a likely signature of successful exploitation. Searching through Lumen\u2019s global telemetry, we identified four U.S. victims and one non-U.S. victim in the ISP, MSP and IT sectors, with the earliest exploitation activity occurring at a US ISP on June 12, 2024.<\/p>\n<p>The following graphic provides an overview of what Black Lotus Labs observes as it relates to the exploitation of CVE-2024-xxxx and the use of the VersaMem web shell:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/versa-director-exploitation-flow.jpg\" class=\"enlarge\" data-height=\"1134\" data-width=\"2322\" alt=\"Overview of the Versa Director exploitation process and the VersaMem web shell functionality.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Overview of the Versa Director exploitation process and the VersaMem web shell functionality.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/versa-director-exploitation-flow-640x313.jpg\" width=\"640\" height=\"313\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/versa-director-exploitation-flow-1280x625.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/versa-director-exploitation-flow.jpg\" class=\"enlarge-link\" data-height=\"1134\" data-width=\"2322\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Overview of the Versa Director exploitation process and the VersaMem web shell functionality.<\/div>\n<div class=\"caption-credit\">Black Lotus Labs<\/div>\n<\/figcaption><\/figure>\n<\/blockquote>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36259\/Hackers-Infect-ISPs-With-Malware-That-Steals-Customer-Credentials.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56948,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[11025],"class_list":["post-56947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacymalwaredata-losspassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-27T14:44:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/07\/exploit-vulnerability-security-800x450.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hackers Infect ISPs With Malware That Steals Customer Credentials\",\"datePublished\":\"2024-08-27T14:44:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/\"},\"wordCount\":671,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg\",\"keywords\":[\"headline,hacker,privacy,malware,data loss,password\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/\",\"name\":\"Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg\",\"datePublished\":\"2024-08-27T14:44:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-infect-isps-with-malware-that-steals-customer-credentials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,malware,data loss,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacymalwaredata-losspassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hackers Infect ISPs With Malware That Steals Customer Credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-27T14:44:51+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/07\/exploit-vulnerability-security-800x450.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hackers Infect ISPs With Malware That Steals Customer Credentials","datePublished":"2024-08-27T14:44:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/"},"wordCount":671,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg","keywords":["headline,hacker,privacy,malware,data loss,password"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/","url":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/","name":"Hackers Infect ISPs With Malware That Steals Customer Credentials 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg","datePublished":"2024-08-27T14:44:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-infect-isps-with-malware-that-steals-customer-credentials.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hackers-infect-isps-with-malware-that-steals-customer-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,malware,data loss,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacymalwaredata-losspassword\/"},{"@type":"ListItem","position":3,"name":"Hackers Infect ISPs With Malware That Steals Customer Credentials"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56947"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56947\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56948"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}