A Chinese cyber espionage group, known as Volt Typhoon, has been linked to attacks on U.S. and Indian internet firms. Now it appears a software product used by IT service providers might have been exploited by these malicious actors.
What Happened: The group is exploiting a zero-day vulnerability in Versa Director, a software product widely used by internet and IT service providers, reported Krebs on Security earlier this week.
Versa Director systems are primarily used by Internet service providers (ISPs) and managed service providers (MSPs) that cater to the IT needs of many small to mid-sized businesses.
Researchers believe Volt Typhoon's goal is to prepare for potential disruption of communications between the U.S. and Asia in the event of a future armed conflict with China, the report added.
On Aug. 26, Versa issued a security advisory urging customers to deploy a patch for the vulnerability (CVE-2024-39717), which is fixed in Versa Director 22.1.4 or later.
According to Michael Horka, senior lead information security engineer at Black Lotus Labs, the earliest known exploit activity occurred at a U.S. ISP on June 12, 2024.
In a blog post earlier this week, Horka said, “The Black Lotus Labs team at Lumen Technologies discovered active exploitation of a zero-day vulnerability in Versa Director servers.”
Black Lotus Labs assessed that Volt Typhoon was responsible for the compromises, the report noted.
Why It Matters: The Volt Typhoon group has been on the radar of U.S. security agencies for a while. In May 2023, Microsoft blamed Chinese hackers for spying on critical American infrastructure and Guam.
Previously, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning about the cyber espionage group.
By February 2024, the FBI Director had issued a warning about China’s cyber threat, labeling the situation as the “tip of the iceberg.” He highlighted Volt Typhoon’s covert placement of offensive malware in U.S. critical infrastructure networks.
Later in April, FBI Director Christopher Wray warned that Chinese state-sponsored hackers could potentially control critical U.S. infrastructure and “wreak havoc” at any time.
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.