A sophisticated cyberattack linked to the Chinese government has reportedly been carried out by the infamous hacking group Volt Typhoon, targeting critical infrastructure within the United States. The group is accused of exploiting a previously unknown (zero-day) vulnerability, now identified as CVE-2024-39717, in the network management platform Versa Director, with the aim of breaching the networks of internet service providers and technology firms.
Versa, in a statement released on Monday, confirmed that the vulnerability had been patched following its discovery. The flaw, classified as high-severity, was actively exploited in the wild by a nation-state actor before the fix was issued. It has since been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) catalog of known exploited vulnerabilities. The flaw impacts all versions of Versa Director released prior to 22.1.4.
Versa Director is a critical tool used by IT professionals to manage and monitor networks across multiple locations. Given its central role in enterprise network management, it presents an appealing target for threat actors seeking to infiltrate and control widespread systems. According to cybersecurity experts at Lumen Technologies, the breach is attributed to Volt Typhoon, a hacking group previously known for targeting U.S. energy and defense sectors, with a notable history of using home routers as staging points for larger attacks.
In this latest campaign, Volt Typhoon exploited the Versa Director vulnerability to deploy a custom-designed web shell, dubbed VersaMem. This malicious tool enabled the attackers to intercept credentials and execute arbitrary code on compromised servers, all while evading detection. The group reportedly targeted four U.S.-based entities and one non-U.S. entity, spanning sectors such as internet service providers, managed service providers, and information technology.
The initial version of VersaMem was first uploaded to VirusTotal from Singapore in June, a mere five days before the earliest identified exploitations in the United States, as revealed by Lumen Technologies. The company speculates that Volt Typhoon may have tested the web shell on non-U.S. targets before launching attacks on U.S. networks. Alarmingly, the current version of the malware remains undetected on VirusTotal.
Lumen Technologies considers this exploitation campaign to be of critical significance, given the vulnerability’s severity, the sophisticated nature of the attackers, and the strategic importance of Versa Director servers. The company has shared its findings with U.S. federal agencies, emphasizing the emerging risks that could jeopardize the nation’s strategic assets.
For over a year, U.S. government entities, including the White House and the Defense Department, have been on high alert regarding the Volt Typhoon campaign. They believe these cyber activities are part of a broader strategy by China to establish footholds within U.S. critical infrastructure, potentially to delay or disrupt military mobilization in the event of a Chinese invasion of Taiwan.
CISA Director Jen Easterly recently highlighted the growing cyber threats posed by escalating tensions between China and Taiwan. She warned of a scenario where a conflict in Asia could result in destructive cyberattacks against the U.S., aiming to incite societal chaos and hinder America’s ability to respond militarily.