After conducting a DNS poisoning attack against the ISP, StormBamboo leveraged vulnerable HTTP software update mechanisms without digital signature validation to facilitate the installation of MACMA and MgBot malware to Windows and macOS systems.
Article Link: Malware distributed through ISP compromise | SC Media