Chinese hackers exploited bug to compromise internet companies, says cyber-security firm

WASHINGTON – A Chinese hacking group exploited a software bug to compromise several internet companies in the US and abroad, a cyber-security firm said on Aug 27.

Researchers at the firm, Lumen Technologies, said in a blog post that the hackers took advantage of a previously unknown vulnerability in Versa Director – a software platform used to manage services for customers of Santa Clara, California-based Versa Networks.

It said four US victims and one Indian victim had been identified, although it declined to identify them.

Versa Networks issued an advisory on Aug 26 acknowledging that the vulnerability had been exploited “in at least one known instance” by an advanced group of hackers.

The firm urged its customers to update their software to fix the bug.

Lumen’s blog post said that its researchers assessed with “moderate confidence” that the hacking campaign, which kicked off as early as June 12, was carried out by an alleged Chinese government-backed group nicknamed “Volt Typhoon.”

Lumen researcher Ryan English said the internet companies were targeted for the attackers to track their customers.

“They very rarely go in through the front door,” he said.

Mr Doug Britton, an executive with Virginia-based RunSafe Security, said the research appeared sound and that the access described by Lumen would allow a group such as Volt Typhoon “the ability to do broad, silent surveillance”.

The Chinese Embassy in Washington did not respond to a request seeking comment, although Beijing routinely denies allegations of its involvement in cyber espionage.

On Aug 23, the US Cybersecurity and Infrastructure Security Agency (Cisa) added the Versa vulnerability to its list of “known exploited vulnerabilities”.

The Washington Post quoted Mr Brandon Wales, the former executive director of Cisa, on Aug 27 as saying that China’s hacking effort had “dramatically stepped up from where it used to be”.

Volt Typhoon has emerged as a group of particular concern to US cyber-security officials.

In April, Federal Bureau of Investigation director Christopher Wray said China was developing the “ability to physically wreak havoc” on US critical infrastructure. REUTERS