A Chinese hacking group known as Volt Typhoon has been exploiting a vulnerability in Versa Networks’ software to target companies in the United States and India. Despite the release of a patch, many companies failed to apply the fix, resulting in several breaches.
Volt Typhoon, suspected to be a state-sponsored group, has breached four American companies, including internet service providers, and one Indian company by taking advantage of a flaw in Versa Networks’ software, which is used to manage network configurations. The vulnerability was identified by security researchers at Lumen Technologies’ Black Lotus Labs, as reported by Bloomberg.
Versa Networks discovered the flaw and released a patch in June 2023. However, the fix was not widely communicated to customers until July, after one company reported a breach. Versa revealed that the affected company had not followed earlier recommendations, such as restricting internet access to a specific port. In response, Versa has now updated its systems to be secure by default, ensuring protection even if customers don’t adhere to the guidelines.
The vulnerability, classified as “high” severity by the National Vulnerability Database, has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to instruct federal agencies to either patch the flaw or stop using Versa products by September 13, 2023. Versa confirmed that the flaw has been exploited at least once, though it did not specifically identify Volt Typhoon as the culprit.
Volt Typhoon has reportedly been active for at least five years, targeting critical sectors such as communications, energy, and transportation. The U.S. government has previously accused the group of infiltrating essential infrastructure, including water facilities and the power grid, potentially to cause disruptions during a future crisis, possibly related to Taiwan.
The Chinese government, however, denies these allegations, claiming that Volt Typhoon is actually a criminal group known as “Dark Power” and not affiliated with the state. It also suggested that U.S. intelligence agencies are falsely blaming China for cyberattacks to justify increased budgets and government contracts.