Chinese hackers infiltrate US and Indian internet companies: report
A new report has revealed that a Chinese state-backed hacking campaign known as Volt Typhoon has exploited vulnerabilities in a California-based startup to infiltrate internet companies in both the United States and India. According to security researchers at Lumen Technologies’ Black Lotus Labs, the breach is linked to a flaw in Versa Networks’ server products, highlighting major cybersecurity concerns.
Details of the breach
Volt Typhoon successfully exploited security flaws in Versa Networks’ software to infiltrate four U.S. companies, including an Internet service provider, and one Indian company. Black Lotus Labs assessed Volt Typhoon to be behind these intrusions with “medium confidence.” Exploitation of Versa’s unpatched systems is believed to be ongoing.
Versa Networks, a company that specializes in network configuration management, recently disclosed the vulnerability and released a patch. Despite these efforts, concerns remain about the security of the U.S.’s critical infrastructure.
Background and Response
The Volt Typhoon campaign was named by Microsoft in May 2023, and the US government has linked it to intrusions into critical infrastructure sectors such as water utilities, power grids and communications networks, raising alarms about potential disruptions in the event of a future crisis such as a geopolitical conflict.
Liu Pengyu, a spokesman for the Chinese embassy in Washington, denied claims that Volt Typhoon is state-sponsored, saying the group is the work of a ransomware group called “Dark Power.” He suggested U.S. intelligence agencies may be working with cybersecurity companies to falsely blame China for cyberattacks for financial gain. Bloomberg has not been able to verify the claims.
Key Takeaways
- Vulnerability exploitation: The breach was caused by a vulnerability in Versa Networks’ server products, which was exploited by Volt Typhoon.
- Incident Discovery: In June, Lumen identified malicious code that allowed hackers to access networks using legitimate credentials.
- Versa Networks Response: Versa released an emergency patch in June and began broadly notifying customers in July, after which the company made changes to its systems to harden security.
- Cybersecurity measures: The Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies until September 13th to patch or stop using affected Versa products.
- Government concerns: The United States has warned that the vulnerabilities continue and could have societal implications, with cybersecurity agencies calling for improved oversight and security measures.
Security measures and recommendations
- Awareness and Training: Educating employees about potential cyber threats and the importance of following security protocols can help prevent similar breaches.
- Patch deployment: Versa has released patches to address the vulnerabilities, and businesses using Versa products should apply these updates promptly.
- Firewall Rules: Following Versa’s guidelines, which include blocking internet access to certain ports, is essential to protect your system from misuse.
- Enhanced monitoring: Organizations need to improve logging and monitoring to quickly detect and address suspicious activity.