New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers linked to China's Volt Typhoon group are exploiting a zero-day vulnerability in Versa Director, urging customers to update systems to prevent potential disruptions to critical U.S. infrastructure.
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, software used by many Internet and IT service providers. The attackers are believed to be linked to the Chinese cyber espionage group known as Volt Typhoon, which aims to infiltrate critical U.S. networks so that it could disrupt communications during a future conflict with China. The vulnerability, identified as CVE-2024-39717, allows attackers to upload arbitrary files to vulnerable systems. Versa has urged customers to update to version 22.1.4 or later to mitigate the risk. The advisory noted that many customers had failed to implement the recommended security measures, leaving management ports exposed to the internet. Black Lotus Labs reported discovering a web-based backdoor on affected systems, with the earliest exploit activity traced back to June 12, 2024. The group's tactics, including the use of zero-day vulnerabilities and Java-based backdoors, suggest a sophisticated approach to cyber espionage. U.S. agencies, including the NSA and FBI, have previously warned about Volt Typhoon's activities, indicating that the group is not only gathering intelligence but also positioning itself to disrupt critical infrastructure. The ongoing threat from Volt Typhoon underscores the need for stronger cybersecurity measures among service providers.
- A zero-day vulnerability in Versa Director is being exploited by hackers linked to China's Volt Typhoon group.
- The vulnerability allows attackers to upload files, compromising systems used by ISPs and MSPs.
- U.S. agencies have warned that Volt Typhoon aims to disrupt critical infrastructure, not just gather intelligence.
- Customers are urged to update their systems to mitigate the risk of exploitation.
- The situation highlights the importance of implementing robust cybersecurity measures.
Related
UK cyber-boss slams China's bug-hoarding laws
The UK's NCSC CEO criticized China's cyber laws, citing concerns over cyber activities. AWS denied business issues in China. Japan found remnants of a supernova. India succeeded in telecom manufacturing incentives. Mt Gox repaid investors. Singapore intervened in Grab's acquisition. Australia ordered a tech review. Various alliances and deals occurred in the Asia-Pacific region, reflecting cybersecurity, tech advancements, and regulations.
Hackers breach ISP to poison software updates with malware
A Chinese hacking group, StormBamboo, breached an ISP to inject malware into software updates, exploiting insecure mechanisms. They redirected requests to install malware on victims' devices, including a malicious Chrome extension.
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
Windows 0-day was exploited by North Korea to install advanced rootkit
North Korean hackers exploited a Windows zero-day vulnerability, CVE-2024-38193, to install the undetectable FudModule rootkit, targeting sensitive sectors while Microsoft delayed patching for six months.
If ISPs are leaving management ports open on the Internet, it's going to take more than a vendor patch to protect them from cyber warfare.
Based on my observation of fellow Chinese software engineers' average knowledge and skills about cyber security, as well as the absolute absence of security considerations in most "SOHO network devices" in China, I would rather apply Hanlon's razor and say that it's not Chinese attackers, but a Chinese botnet.
As you may already know, Chinese users and software engineers generally do not care about personal privacy and hence also cyber security, so the entire industry is rather undeveloped.
I am curious why Versa doesn't use the exploit themselves to patch the issue? It would be a great wake-up moment to realize that stuff is not as secure as it should be with updates.
well there's a sentence to think about in horror