Chinese Volt Typhoon Hackers Strike Again in Critical Zero-Day Attack That Threatens Network Security

In a disturbing development, cybersecurity experts at Lumen Technologies have uncovered a new wave of cyberattacks by the Chinese hacking group Volt Typhoon, exploiting a serious vulnerability in Versa Director servers. This zero-day flaw, identified as CVE-2024-39717, poses a severe threat, especially to Internet Service Providers (ISPs) and Managed Service Providers (MSPs), whose networks are at risk of being infiltrated.

The vulnerability was recently added to the CISA must-patch list, signaling its critical nature. Versa Networks confirmed that the flaw allows attackers to breach the Versa Director graphical user interface (GUI) and deploy malware on compromised devices. Versa Director servers, vital for managing network configurations in SD-WAN software, are now prime targets for these sophisticated cybercriminals.

Volt Typhoon, a group with ties to the Chinese government, has been linked to the exploitation of this vulnerability. Lumen Technologies' Black Lotus Labs team discovered a unique web shell being used to hijack credentials and gain unauthorized access to networks of downstream customers. The group’s activities have been traced back to June 12, 2024, and they continue to wreak havoc on several U.S. organizations, particularly within the ISP, MSP, and IT sectors.

The ramifications of this breach are severe. Volt Typhoon's history is fraught with attacks on critical infrastructure across various sectors, including communications, utilities, transportation, and government. Their methods are sophisticated, and their campaigns are targeted, leaving numerous organizations vulnerable to devastating consequences.

Versa Networks has acknowledged a case where the vulnerability was exploited due to outdated firewall guidelines that had not been implemented by a customer. This oversight allowed the attackers to exploit the flaw without needing to access the GUI. While Versa Networks appears to shift some responsibility onto victim organizations for these configuration errors, the reality is that this vulnerability presents a significant danger to all affected networks.

The Black Lotus Labs team has sounded the alarm, warning that Volt Typhoon’s campaign is likely ongoing against unpatched Versa Director systems. With the group’s known tactics and the growing sophistication of their attacks, it is imperative that organizations take immediate action to secure their networks.

The full scope of this threat is yet to be fully understood, but the consequences could be catastrophic if left unaddressed. The Black Lotus Labs team is expected to release detailed technical documentation, including Indicators of Compromise (IOCs) and telemetry data, to assist organizations in identifying and mitigating the risks posed by this exploit.

In light of this alarming situation, all organizations using Versa Director servers are urged to patch their systems immediately and review their security configurations. The danger is real, and the stakes are high—failure to act could result in a breach that could cripple critical infrastructure and compromise sensitive data. The clock is ticking, and the time to act is now.

By Zane
August 28, 2024
Computer Security
English
August 28, 2024
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

Chinese Volt Typhoon APT Targets US Entities

The Chinese nation-state actor known as Volt Typhoon, also referred to as Bronze Silhouette, has recently been discovered to be actively conducting cyber espionage operations since mid-2020. The group, identified by... Read more

June 26, 2023
Computer Security

China’s Volt Typhoon Hackers Were ‘Pre-Positioning’ Cyberattacks against Critical US Infrastructure for Five Years

The cybersecurity landscape has been rocked by revelations regarding the clandestine activities of Volt Typhoon, a Chinese state-sponsored hacking group. According to a recent advisory from the US Cybersecurity and... Read more

February 8, 2024
Computer Security

Chinese Threat Actors Hit Big Telecoms

Security researchers published information on three different, yet likely linked cyber campaigns focused on espionage. All attacks have been focused on infiltrating the networks of big telecommunications enterprises.... Read more

August 3, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.