
Chinese Government Hackers Targeted US Internet Providers with Zero-Day Exploit, Researchers Claim
Volt Typhoon: A Group of Hackers Linked to the Chinese Government Exploiting Zero-Day Flaws
In a recent discovery, security researchers at Black Lotus Labs have found that a group of hackers linked to the Chinese government used a previously unknown vulnerability in software to target U.S. internet service providers.
Who is Volt Typhoon?
The group known as Volt Typhoon has been identified as one of the most active and sophisticated hacking groups operating today. They are believed to be working for the Chinese government, with the goal of causing "real-world harm" in the event of a future conflict with the United States.
The Vulnerability in Versa Director
According to Black Lotus Labs, Volt Typhoon exploited a zero-day flaw in Versa Director, a piece of software made by Versa Networks. This vulnerability allowed the hackers to gain access to sensitive information and potentially disrupt critical infrastructure.
Versa Networks: A Critical Target for Hackers
Versa sells software to manage network configurations, which makes it a critical target for hackers. The company’s products are used by internet service providers (ISPs) and managed service providers (MSPs), providing them with access to sensitive information and networks.
The Goals of Volt Typhoon
The researchers at Black Lotus Labs found that the hackers’ goals were to steal and use credentials on downstream customers of the compromised corporate victims. In other words, the hackers were targeting Versa servers as crossroads where they could then pivot into other networks connected to the vulnerable Versa servers.
Interview with Mike Horka
Mike Horka, a security researcher at Black Lotus Labs, was involved in investigating this incident. He stated, "This wasn’t limited to just telecoms, but managed service providers and internet service providers… These central locations that they can go after, which then provide additional access."
The Victims of Volt Typhoon
Horka found four victims in the United States (two ISPs, one MSP, and an IT provider) and one victim outside of the U.S., an ISP in India. The victims were not named by Black Lotus Labs.
Response from Versa Networks
Dan Maier, Chief Marketing Officer at Versa Networks, stated that the company has patched the zero-day identified by Black Lotus Labs. He added that researchers warned the company of the flaw in late June and that Versa itself was able to confirm the flaw and observe the "APT attacker" taking advantage of it.
Alert from CISA
Black Lotus Labs alerted the U.S. cybersecurity agency CISA to the zero-day vulnerability and the hacking campaign. On Friday, CISA added the zero-day to its list of vulnerabilities that are known to have been exploited.
The Risks Posed by Zero-Day Vulnerabilities
CISA warned that "these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." This highlights the importance of patching software vulnerabilities as soon as they are identified.
Conclusion
The discovery of Volt Typhoon’s activities is a reminder of the sophisticated hacking groups operating today. The use of zero-day flaws in software allows hackers to gain access to sensitive information and potentially disrupt critical infrastructure. It is essential for companies like Versa Networks to prioritize patching vulnerabilities as soon as they are identified.
Recommendations
- Companies should regularly update their software to ensure that the latest security patches are applied.
- Critical infrastructure providers should take extra precautions to protect themselves from hacking attempts, including implementing robust security measures and conducting regular vulnerability assessments.
- The U.S. government should continue to work with private companies to identify and address vulnerabilities in software.