A Chinese hacking group has exploited a software vulnerability to infiltrate several internet companies in the U.S. and abroad, according to cybersecurity firm Lumen Technologies.
On Tuesday, Lumen researchers revealed in a blog post that the hackers targeted a previously unknown flaw in Versa Director — a software platform used by Santa Clara, California-based Versa Networks to manage services for its customers.
Lumen reported that four U.S. companies and one Indian company were compromised, though the firm declined to name the victims. Versa Networks acknowledged the vulnerability on Monday, confirming that it had been exploited “in at least one known instance” and urged customers to update their software to secure their systems.
Lumen’s researchers believe, with “moderate confidence,” that the hacking campaign, which began as early as June 12, was conducted by “Volt Typhoon,” an alleged Chinese government-backed group. According to Lumen researcher Ryan English, the attackers targeted internet companies to surveil their customers, employing sophisticated methods to avoid direct detection.
Doug Britton, an executive with Virginia-based RunSafe Security, supported Lumen’s findings, noting that the breach could enable extensive, covert surveillance by groups like Volt Typhoon, Reuters news report said.
The Chinese Embassy in Washington did not respond to requests for comment, although China routinely denies involvement in cyberespionage. Last Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Versa vulnerability to its list of “known exploited vulnerabilities.”
Brandon Wales, the former executive director of CISA, was quoted by the Washington Post on Tuesday, stating that China’s hacking activities have “dramatically stepped up” in recent years. Volt Typhoon, in particular, has drawn concern from U.S. cybersecurity officials, with FBI Director Christopher Wray warning in April that China is developing capabilities to “physically wreak havoc” on U.S. critical infrastructure.
