Volexity detected and responded to multiple incidents involving systems infected with malware linked to StormBamboo, a threat actor known for compromising internet service providers (ISPs) and leveraging DNS poisoning to redirect software update traffic to attacker-controlled servers hosting malicious payloads. The threat actor abused insecure software update mechanisms that used HTTP, enabling them to surreptitiously install malware including new variants of MACMA and POCOSTICK on victim machines running macOS and Windows. Post-exploitation activities involved deploying a malicious browser extension to exfiltrate victim email data. The incidents highlight StormBamboo's sophisticated tactics and the risks posed by insecure update mechanisms.