Volt Typhoon, a hacker group believed to be state-sponsored by China, exploited a software bug to penetrate American and Indian internet companies, researchers have reported.
Lumen Technologies’ threat research and operations division, Black Lotus Labs, says the hackers have taken advantage of a zero-day flaw to breach four U.S. entities, including internet service providers, and another company in India.
The vulnerability was traced to a Versa Networks server product, with the Black Lotus report expressing “moderate confidence” that Volt Typhoon was the perpetrator. The security researchers believe the incident is likely to be ongoing, with Versa offering patches and other mitigations since the flaw was announced last week.
Versa provides software to manage network configurations used by ISPs and managed service providers. Black Lotus Labs said this makes Versa “a critical and attractive target” for threat actors.
Potential for ‘real-world harm’ if conflict arises with U.S.
If this is the work of Volt Typhoon, it is another example of targeting key communications infrastructure for potential future use. Earlier this year, the U.S. government accused the hackers of infiltrating other crucial American utilities such as water and power grids.
With the group considered to be working on behalf of the Beijing administration, the accumulation of assets and access extends its ability to cause “real-world harm” in the event of any conflict situation with the United States, including an invasion of Taiwan.
“This wasn’t limited to just telecoms, but managed service providers and internet service providers,” Mike Horka, a security researcher who investigated this incident, said to TechCrunch.
Black Lotus Labs confirmed it alerted the US cybersecurity agency CISA to the zero-day vulnerability and the hacking campaign.
Featured image via Ideogram
The post Report says Chinese state-sponsored hackers breached US internet providers appeared first on ReadWrite.
