It has been pointed out that the Chinese government hacker group 'Volt Typhoon' is using vulnerabilities in the network operation service 'Versa Director' to carry out zero-day attacks targeting the United States



It has been pointed out that the Chinese government-backed hacker group 'Volt Typhoon' carried out an attack exploiting a zero-day vulnerability in 'Versa Director,' a network operations platform used by Internet service providers (ISPs) and managed service providers (MSPs).

Versa Security Bulletin: Update on CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability - The Versa Networks Blog

https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/



Taking the Crossroads: The Versa Director Zero-Day Exploitation - Lumen

https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/



New 0-Day Attacks Linked to China's 'Volt Typhoon' – Krebs on Security
https://krebsonsecurity.com/2024/08/new-0-day-attacks-linked-to-chinas-volt-typhoon/

China's Volt Typhoon reportedly targets US internet providers using Versa zero-day
https://therecord.media/versa-zero-day-volt-typhoon-china

According to the report, Versa Director had a vulnerability that allowed a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to upload potentially malicious files. The vulnerability was reported as 'CVE-2024-39717' and Versa released a patch. However, prior to the patch, it was exploited in at least one known instance by an advanced persistent threat (APT) actor.

Four targets were identified in the US, including ISPs, MSPs, and the information technology sector, and one was identified outside the US.

According to the Black Lotus Labs team at Lumen Technologies, the telecommunications company that discovered the vulnerability being exploited, the attack shows characteristics of attacks by Chinese government-affiliated hacker groups, such as a zero-day attack targeting IT infrastructure service providers and a Java-based backdoor that runs only in memory. The team believes with a medium or higher probability that Volt Typhoon is involved in the intrusion.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said rising tensions between China and Taiwan have prompted China to seek ways to launch destructive attacks against Taiwan's ally, the United States.

Chinese authorities have suggested that the group 'Volt Typhoon' itself was invented by Western intelligence agencies, and that the attacks are actually being carried out by ransomware gangs.

in Security, Posted by logc_nt