This year, the US accused Volt Typhoon of breaking into networks that run vital US utilities, like the nation’s electrical system, communications, and water infrastructure, in order to cause havoc during a future crisis, like an invasion of Taiwan.
Security researchers have discovered that the Chinese government-sponsored hacking operation Volt Typhoon is taking advantage of a vulnerability in a California-based firm to compromise internet businesses in the United States and India. Black Lotus Labs, a division of Lumen Technologies Inc., reports that Volt Typhoon used a weakness in a Versa Networks server product to compromise four US companies, including internet service providers, and another in India. They concluded with “moderate confidence” that Volt Typhoon was responsible for the compromises of unpatched Versa systems and that exploitation was probably still happening. A large portion of their analysis was shared in a blog post on Tuesday.
Versa, a company that produces network configuration management software and has received funding from Sequoia Capital and Blackrock Inc., disclosed the issue last week along with a patch and other mitigations. The disclosure will heighten worries about how vulnerable US critical infrastructure is to attackers. This year, the US accused Volt Typhoon of breaking into networks that run vital US utilities, like the nation’s electrical system, communications, and water infrastructure, in order to cause havoc during a future crisis, like an invasion of Taiwan. “Volt Typhoon is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region,” an email from Liu Pengyu, a spokeswoman for the Chinese Embassy in Washington, stated.
He continued, saying that China has evidence that the US intelligence community has been working covertly with cybersecurity firms to fabricate claims that China backs cyberattacks against the US in an attempt to increase government contracts and congressional funding. Bloomberg was unable to confirm such statements. Lumen and accompanying material shared with Bloomberg state that Lumen presented its results to Versa in late June.
Lumen and accompanying material shared with Bloomberg state that Lumen presented its results to Versa in late June. The Santa Clara, California-based Versa stated that it released an emergency patch for the bug at the end of June, but it wasn’t until July that it started notifying customers about it publicly after one of them reported that it had been compromised. Versa claimed that the client, which it would not name, had not complied with earlier published instructions on how to safeguard its systems using firewall rules and other security procedures. The chief marketing officer of Versa Dan Maier stated in an email on Monday that one of the 2015 guidelines’ recommendations was for consumers to cut off internet connections to a particular port, which the customer had neglected to do.
The National Vulnerability Database rates the bug as having a “high” severity. Federal agencies were given a directive by the Cybersecurity and Infrastructure Security Agency, or CISA, on Friday to either patch Versa products or cease using them by September 13. Versa stated in a blog post on Monday that a highly skilled hacking gang has exploited the vulnerability in at least one known case. Versa informed Bloomberg on Friday that it was unsure of the group’s identity, having not been given credit by the corporation. In May 2023, Microsoft Corp. announced and branded the Volt Typhoon campaign. US officials have asked businesses and utilities to enhance their logging since the virus’s detection in order to aid in the hunt for and elimination of the hackers, who get access to systems by exploiting weaknesses and can thereafter go extended periods without being noticed. The Chinese government has refuted the US charges, claiming that cybercriminals are responsible for the hacking attempts that Volt Typhoon is credited with. In January, CISA Director Jen Easterly briefed Congress on the malicious cyber activity, cautioning that China hopes to incite “societal panic” in the US and that the US has only found the tip of the iceberg in terms of victims. In February, US agencies like the FBI, CISA, and the National Security Agency stated that Volt Typhoon activity has been targeting water and wastewater infrastructure, electricity, communications, and transportation systems for at least five years.
According to Lumen researcher Michael Horka, the malicious code was first discovered by Lumen in June. In an interview, he said that a malware sample that was uploaded from Singapore on June 7 had Volt Typhoon’s characteristics. After working on Volt Typhoon cases for the federal government, Horka, a former FBI cyber investigator, joined Lumen in 2023. Horka explained that the code was a web shell that allowed hackers to enter a customer’s network using valid credentials and then act as genuine users.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.