Hackers breach ISP to inject malware into software updates

Hackers from the Chinese group StormBamboo, also known as Evasive Panda, Daggerfly, and StormCloud, compromised an internet service provider (ISP) to spread malware through software updates. The hackers exploited insecure update mechanisms that fetched over plain HTTP and did not validate digital signatures, so the targeted Windows and macOS devices installed malicious payloads instead of the intended updates.

The attackers intercepted DNS requests and answered them with malicious IP addresses, so the update checks delivered malware from the attackers' command-and-control servers without any user interaction. For example, they abused 5KPlayer's youtube-dl update check to push a backdoored installer.
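The two paragraphs above describe the root cause: once the attackers controlled DNS answers for the update host, an updater that trusted whatever bytes came back over HTTP had no way to tell a backdoored installer from the real one. The Go program below is an added illustration, not code from the article, from Volexity, or from any of the affected products. It models both behaviours side by side: `InsecureAccept` installs whatever the network returned, while `VerifyUpdate` checks a detached Ed25519 signature against a public key pinned in the client. With the pinned key, DNS poisoning still lets an attacker serve a payload, but the substituted payload fails verification and is refused. The vendor key pair, payload strings and manifest format are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the client receives from the update URL: the installer
// bytes plus a detached signature over their SHA-256 digest. The format is
// an assumption for this example, not any real product's manifest.
type Update struct {
	Payload   []byte
	Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify against the pinned vendor key")

// NewVendorKeys creates the vendor's signing key pair. In a real deployment
// the private key lives in the vendor's release pipeline and only the public
// key is compiled into the client.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // entropy failure; nothing sensible to do in a demo
	}
	return pub, priv
}

// SignUpdate is the vendor-side step: sign the digest of the genuine installer.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	digest := sha256.Sum256(payload)
	return Update{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the client-side check the compromised updaters lacked.
// Everything in u came from the network (possibly via a poisoned DNS answer),
// so it is untrusted until the signature verifies against the pinned key.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) error {
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinned, digest[:], u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// InsecureAccept models the behaviour described in the article: the client
// installs whatever bytes the plain-HTTP update URL returned, unchecked.
func InsecureAccept(u Update) []byte {
	return u.Payload
}

func main() {
	pub, priv := NewVendorKeys()

	genuine := SignUpdate(priv, []byte("constructed: genuine installer bytes"))
	fmt.Println("genuine update, pinned key:", VerifyUpdate(pub, genuine))

	// DNS poisoning lets the attacker answer the update request. They can
	// swap the payload but cannot produce a signature for the pinned key.
	poisoned := genuine
	poisoned.Payload = []byte("constructed: backdoored installer bytes")

	fmt.Println("insecure client installs:", string(InsecureAccept(poisoned)))
	fmt.Println("verifying client result:", VerifyUpdate(pub, poisoned))
	fmt.Println("payload changed:", !bytes.Equal(genuine.Payload, poisoned.Payload))
}
```

The signature check does nothing to stop the DNS interception itself; its value is that control of the transport no longer translates into control of what gets installed. Pinning the key in the client (rather than fetching it from the same host) is what keeps the check meaningful when the update server is reachable only through attacker-controlled resolution.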

Once the systems were compromised, the hackers installed a malicious Google Chrome extension (ReloadText) to steal browser cookies and mail data. The ISP worked with Volexity researchers to stop the DNS poisoning by rebooting key devices and taking network components offline.

Source: https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/