A Chinese hacking group has exploited a previously unknown software bug to compromise several internet companies in the U.S. and internationally, according to cybersecurity firm Lumen Technologies. The hackers targeted a vulnerability in Versa Director, a software platform used by Santa Clara-based Versa Networks to manage customer services. The breach affected four U.S. companies and one in India, though Lumen declined to name the victims.
Cybersecurity firm reports vulnerability in Versa Director software exploited by Chinese hackers.
Versa Networks acknowledged the vulnerability on Monday, confirming that it had been exploited “in at least one known instance” and urged customers to update their software to fix the issue. Lumen Technologies’ researchers, with “moderate confidence,” attributed the hacking campaign, which began around June 12, to an alleged Chinese government-backed group known as “Volt Typhoon.” Lumen’s researcher, Ryan English, noted that these attacks were likely aimed at surveilling the targeted companies’ customers.
Doug Britton, an executive at RunSafe Security, supported Lumen’s findings, emphasizing that the level of access described would enable broad and silent surveillance by a group like Volt Typhoon. The Chinese Embassy in Washington did not respond to requests for comment, although China typically denies any involvement in cyberespionage. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Versa vulnerability to its list of “known exploited vulnerabilities.”
Brandon Wales, the former executive director of CISA, was quoted by the Washington Post as saying that China’s hacking efforts have “dramatically stepped up” compared to previous years. Volt Typhoon has become a significant concern for U.S. cybersecurity officials. Earlier in April, FBI Director Christopher Wray warned that China was enhancing its capabilities to potentially disrupt U.S. critical infrastructure.
