IPv6 networking feature hit by hackers to hijack software updates

Chinese threat actor TheWizards observed running a SLAAC attack since 2022 The attack delivers tainted software updates Most victims are in China, Hong Kong, the Philippines, and UAE A threat actor called TheWizards has been running SLAAC spoofing attacks to target organizations, cybersecurity researchers ESET have revealed, claiming the group is aligned with the Chinese government. In the campaign, the attackers would use a tool called Spellbinder to send fake Router Advertisement (RA) messages to their targets. These messages trick devices into thinking the attacker’s system is the legitimate router, causing them to route all their internet traffic through the…