Chinese Hacking Group Exploits Software Bug to Target U.S. and International Internet Companies

A Chinese hacking group, allegedly backed by the Chinese government, has exploited a software vulnerability to infiltrate several internet companies in the U.S. and abroad, according to cybersecurity firm Lumen Technologies. The firm revealed on Tuesday that the hackers took advantage of a previously unknown bug in Versa Director, a software platform developed by Santa Clara, California-based Versa Networks.

Lumen’s researchers identified four U.S. victims and one Indian victim affected by the breach, though the companies’ identities were not disclosed. The hacking campaign, which reportedly began as early as June 12, was attributed to a group nicknamed “Volt Typhoon,” which is believed to be supported by the Chinese government.

Versa Networks confirmed the exploitation of the vulnerability in an advisory issued on Monday, urging customers to update their software to address the issue. The advisory noted that the vulnerability had been exploited “in at least one known instance” by an advanced hacking group.

Ryan English, a researcher at Lumen, stated that the hackers likely targeted these internet companies to surveil their customers. He emphasized that such groups “very rarely go in through the front door,” suggesting that the attackers sought to gain covert access for espionage purposes. Doug Britton, an executive at RunSafe Security, supported Lumen’s findings, noting that the access described would enable broad, silent surveillance by a group like Volt Typhoon.

The Chinese Embassy in Washington did not respond to requests for comment, although Beijing consistently denies involvement in cyberespionage. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Versa vulnerability to its list of “known exploited vulnerabilities” last Friday, signaling the severity of the threat.

Brandon Wales, the recently departed executive director of CISA, was quoted by the Washington Post as saying that China’s hacking efforts have “dramatically stepped up from where it used to be.” FBI Director Christopher Wray also expressed concerns in April, stating that China was developing the capability to “physically wreak havoc” on U.S. critical infrastructure.

Volt Typhoon has emerged as a significant concern for U.S. cybersecurity officials, with this latest breach further highlighting the ongoing threat posed by state-sponsored cyber activities.
