Chinese Hacking Group Exploits Software Flaw To Target U.S. & Indian Companies

The flaw, found in Versa Networks’ software designed for managing network configurations, was identified and patched by the company in June 2023

A Chinese hacking group, known as Volt Typhoon, has been exploiting a security flaw in software developed by California-based startup Versa Networks to breach internet companies in the United States and India. According to security researchers from Lumen Technologies’ Black Lotus Labs, cited in a Bloomberg report, Volt Typhoon has successfully infiltrated four American companies, including internet service providers, and one Indian company by taking advantage of this vulnerability.

The flaw, found in Versa Networks’ software designed for managing network configurations, was identified and patched by the company in June 2023. However, it appears that not all companies applied the fix promptly, leaving their systems open to attack. This ongoing hacking campaign has raised significant concerns about cybersecurity in both countries.

Volt Typhoon is suspected to be a state-sponsored hacking group linked to China. The U.S. government has previously accused the group of targeting critical infrastructure, including water facilities and the power grid, with the potential aim of causing disruptions during a future crisis, possibly related to Taiwan.

In response to these allegations, the Chinese government has denied any state involvement, instead claiming that Volt Typhoon is a criminal group known as “Dark Power.” It has also accused U.S. intelligence agencies of falsely blaming China for cyberattacks as a pretext to justify increased budgets and government contracts.

Versa Networks issued an emergency fix for the vulnerability at the end of June 2023. However, the company only widely informed its customers about the issue in July, after one customer reported a breach. Versa stated that this customer had not followed earlier guidelines, such as closing off internet access to a specific port, which could have prevented the attack. Versa has since updated its systems to be secure by default, ensuring that even if customers do not follow recommended guidelines, their systems should still be protected.

The vulnerability has been rated as “high” severity by the National Vulnerability Database. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to either fix the vulnerability or stop using Versa products by September 13, 2023.

According to Versa, the flaw has reportedly been used at least once to breach a system, although the company did not explicitly name Volt Typhoon as the culprit. Volt Typhoon’s activities have been ongoing for at least five years, with a focus on targeting key sectors like communications, energy, and transportation.
