WASHINGTON 鈥 A Chinese hacking group exploited a software bug to compromise several internet companies in the US and abroad, a cybersecurity firm said on Tuesday.
Researchers at the firm, Lumen Technologies, said in a blog post that the hackers took advantage of a previously unknown vulnerability in Versa Director 鈥 a software platform used to manage services for customers of Santa Clara, California-based Versa Networks. It said four US victims and one Indian victim had been identified, although it declined to identify them.
Versa Networks issued an advisory on Monday acknowledging that the vulnerability had been exploited 鈥渋n at least one known instance鈥 by an advanced group of hackers, and urged customers to update their software to fix the bug.
Lumen鈥檚 blog post said that its researchers assessed with 鈥渕oderate confidence鈥 that the hacking campaign, which kicked off as early as June 12, was carried out by an alleged Chinese government-backed group nicknamed 鈥淰olt Typhoon.鈥 Lumen researcher Ryan English said that the internet companies were targeted for the attackers to surveil their customers.
鈥淭hey very rarely go in through the front door,鈥 he said.
Doug Britton, an executive with Virginia-based RunSafe Security, said the research appeared sound and that the access described by Lumen would allow a group like Volt Typhoon 鈥渢he ability to do broad, silent surveillance.鈥
The Chinese Embassy in Washington did not respond to a request seeking comment, although Beijing routinely denies allegations of its involvement in cyberespionage. On Friday, the US Cybersecurity and Infrastructure Security Agency added the Versa vulnerability to its list of 鈥渒nown exploited vulnerabilities.鈥
Brandon Wales, the recently departed executive director of CISA, was quoted by the Washington Post on Tuesday saying that China鈥檚 hacking effort had 鈥渄ramatically stepped up from where it used to be.鈥
Volt Typhoon has emerged as a group of particular concern to U.S. cybersecurity officials. In April, FBI Director Christopher Wray said China was developing the 鈥渁bility to physically wreak havoc鈥 on U.S. critical infrastructure. 鈥 Reuters
