A vulnerability in Versa Networks’ software is being exploited by a Chinese hacking group called Volt Typhoon to target companies in the U.S. and India. While a fix has been released, not all companies have implemented it, resulting in multiple security breaches.

Volt Typhoon, a Chinese hacking group, has been using a security loophole in software developed by Versa Networks, a California-based startup, to launch attacks on internet companies in the United States and India.

As reported by Bloomberg, security researchers at Lumen Technologies’ Black Lotus Labs have revealed that the Volt Typhoon has taken advantage of this vulnerability to breach four American companies, including internet service providers, and one Indian company.

The security flaw was discovered in Versa Networks’ software, which manages network configurations. Despite Versa identifying the bug and providing a fix in June 2023, not all companies have promptly applied the patch, leaving them open to potential attacks. The hacking campaign is believed to be ongoing.

Volt Typhoon is suspected to be a Chinese state-sponsored hacking group. The U.S. government has previously accused the group of infiltrating critical infrastructure in the U.S., such as water facilities and the power grid, with the intention of causing disruptions during a potential crisis that may be linked to Taiwan.

The Chinese government has denied these allegations, asserting that the Volt Typhoon is a criminal group known as “Dark Power” and is not affiliated with the state. They have also suggested that U.S. intelligence agencies are falsely attributing cyberattacks to China to rationalize increased budgets and government contracts.

Versa Networks issued an emergency fix for the bug at the end of June but only widely notified customers in July after one customer reported a breach.

The company stated that this customer should have adhered to earlier guidelines to protect their systems, such as restricting internet access to a specific port. Versa has now updated its systems to be secure by default, ensuring they should still be protected even if customers do not follow the guidelines.

The National Vulnerability Database has rated the vulnerability as “high” severity. The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has mandated federal agencies to rectify the vulnerability or cease using Versa products by September 13, 2023.

According to Versa, the hacking group has utilised the flaw at least once to breach a system, although they did not specify the group. Volt Typhoon’s operations have reportedly been ongoing for at least five years, targeting critical sectors such as communications, energy, and transportation.

Feeling overwhelmed by the markets? Let Unicorn Signals be your guide. Our user-friendly app simplifies complex data and provides actionable trading signals. Download the app today and trade with confidence!