Since July 12, four unnamed American Internet Service Providers (ISPs) have been hacked.

They all used the same platform to manage and control their vast networking enterprise.

By infiltrating this platform, hackers managed to steal customer credentials, which were otherwise encrypted.

The attackers hijacked small office and home office routers to enter Versa Director systems.

The threat actors used this entry point to inject a malicious Java file called VersaMem.

That's where the bug was: the file upload system, which should have sanitized this file.

This code gave them admin access to the entire Versa Director dashboard.

The malware is also incredibly sophisticated and hard to detect because it lives entirely in volatile memory.

The VersaMem malware currently has zero anti-virus (AV) detections, according to Black Lotus Labs.

An update on the Versa bulletin also explains how to scan for the malicious code on infected systems.

Source: Versa Blog, Black Lotus Labs, Ars Technica