Chinese Hacking Group Exploits Software Bug

By Raphael Satter

WASHINGTON (Reuters) – A Chinese hacking group exploited a software bug to compromise several internet companies in the United States and abroad, a cybersecurity firm said on Tuesday.

Researchers at the firm Lumen Technologies reported in a blog post that the hackers took advantage of a previously unknown vulnerability in Versa Director, a software platform used to manage services for customers of Santa Clara, California-based Versa Networks. They identified four U.S. victims and one Indian victim but did not disclose their names.

Versa Networks issued an advisory on Monday acknowledging that the vulnerability had been exploited in at least one known instance by an advanced group of hackers. The company urged customers to update their software to fix the bug. In an email, Versa confirmed three victims, including an internet service provider.

Lumen’s blog post indicated that researchers assessed with moderate confidence that the hacking campaign, which began as early as June 12, was executed by a group allegedly backed by the Chinese government, nicknamed “Volt Typhoon.” Lumen researcher Ryan English noted the internet companies were targeted for the attackers to surveil their customers—indicating they rarely infiltrate systems through conventional means.

Doug Britton, an executive with Virginia-based RunSafe Security, opined that the access described by Lumen would enable a group like Volt Typhoon to conduct extensive and discreet surveillance.

The Chinese Embassy in Washington countered late Tuesday, claiming that “Volt Typhoon” is merely a gang of cybercriminals not sponsored by any state and accused the U.S. intelligence community of colluding with cybersecurity firms to exaggerate the threat of alleged Chinese state-sponsored cyberattacks against the U.S.

Brandon Wales, the recently departed executive director of CISA, was quoted by the Washington Post stating that China’s hacking efforts have dramatically intensified.

Volt Typhoon has emerged as a significant concern for U.S. cybersecurity officials. In April, FBI Director Christopher Wray remarked that China was developing the capability to potentially disrupt U.S. critical infrastructure physically.