A Chinese cyber espionage group, known as Volt Typhoon, has been linked to attacks on U.S. and Indian internet firms. The group has been exploiting a zero-day vulnerability in Versa Director, software widely used by internet and IT service providers. This exploitation raises serious concerns about potential disruptions to communications between the U.S. and Asia, particularly in the event of a future armed conflict with China.
The vulnerability, identified as CVE-2024-39717, was discovered by researchers at Black Lotus Labs, a security firm owned by Lumen Technologies. The earliest known exploit activity occurred on June 12, 2024, at a U.S. ISP. The researchers have attributed the attacks to Volt Typhoon.
Versa Director is primarily used by internet service providers (ISPs) and managed service providers (MSPs), which cater to the IT needs of numerous small and mid-sized businesses. The vulnerability in Versa Director allowed Volt Typhoon to gain unauthorized access to systems, potentially compromising sensitive information and infrastructure.
Versa, the software developer, issued a security advisory on August 26th, urging customers to install a patch for the vulnerability. The patch is available in Versa Director 22.1.4 or later versions. This incident highlights the growing threat posed by cyber espionage groups like Volt Typhoon.
U.S. security agencies have been aware of Volt Typhoon for some time. In May 2023, Microsoft accused Chinese hackers of spying on critical American infrastructure, including Guam. The National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning about the group's activities. FBI Director Christopher Wray warned in April 2024 that Chinese state-sponsored hackers could potentially control critical U.S. infrastructure and cause significant disruptions.
Volt Typhoon's alleged exploitation of Versa Director underscores the increasing sophistication of cyberattacks and the potential for significant damage to critical infrastructure. The incident serves as a stark reminder of the importance of robust cybersecurity measures and vigilance against cyber threats.