Chinese hackers are breaching US internet companies through a Silicon Valley startup's software, Lumen says

According to security researchers, the Chinese state-sponsored hacking campaign known as Volt Typhoon is exploiting a security flaw in software from a California-based startup to break into American and Indian internet companies.

Black Lotus Labs, a unit of Lumen Technologies Inc., said Volt Typhoon breached four U.S. companies, including internet service providers, and one more in India. The attacks were carried out through a vulnerability in a server product from Versa Networks. Its assessment, published largely in a blog post on Tuesday, concluded with “moderate confidence” that Volt Typhoon was behind the attacks on unpatched Versa systems and said the exploitation was likely still ongoing.

Versa, a maker of network configuration management software whose investors include BlackRock Inc. and Sequoia Capital, disclosed the flaw last week and offered a patch and other mitigations.

The revelation will heighten concerns about the vulnerability of critical U.S. infrastructure to cyberattacks. The U.S. this year accused Volt Typhoon of attempting to penetrate networks that run critical U.S. services, including some of the country's water facilities, power grid and communications sector, in order to cause disruption in a future crisis, such as an invasion of Taiwan.

Lumen shared its findings with Versa in late June, according to Lumen and supporting documents seen by Bloomberg.

Versa, based in Santa Clara, California, said it issued an emergency patch for the flaw in late June but only began rolling it out to all customers in July, after it was notified by a customer who said it had been the victim of an attack. Versa said that customer, whose identity was not disclosed, had not followed previously published guidelines to protect its systems with firewall rules and other measures.

Dan Maier, Versa's marketing director, said in an email Monday that the 2015 guidance advised customers to block internet access to a specific port, among other measures, but the customer had not done so. Since last year, Versa has taken its own steps to make the system “secure by default,” meaning customers are no longer exposed to that risk even if they have not followed the company's guidance.

The vulnerability was exploited in at least one known case by a sophisticated hacking group, Versa said in a blog post on Monday. The company did not identify the group and told Bloomberg on Friday that it did not know its identity.

Microsoft Corp. named and disclosed the Volt Typhoon campaign in May 2023. Since its discovery, U.S. authorities have been urging companies and utilities to improve their logging to make it easier to find and remove hackers who exploit vulnerabilities to break into systems and then remain undetected for long periods of time.

The Chinese government has rejected the US allegations, saying the hacking attacks attributed to Volt Typhoon were the work of cyber criminals.

CISA Director Jen Easterly briefed Congress on the malicious cyber activity in January, warning that the U.S. had seen only the tip of the iceberg in terms of victims and that China's goal was to plunge the U.S. into a “societal panic.”

US agencies such as CISA, the National Security Agency and the FBI said in February that Volt Typhoon's activities date back at least five years and targeted communications, energy and transportation systems, as well as water and sewage systems.

Lumen first discovered the malicious code in June, said Lumen researcher Michael Horka. A malware sample uploaded from Singapore on June 7 bore the characteristics of Volt Typhoon, he said in an interview.

Horka, a former FBI cyber investigator who joined Lumen in 2023 after working on Volt Typhoon cases for the federal government, said the code was a web shell that allowed hackers to access a customer's network using legitimate credentials and then act as if they were real users.
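The web-shell activity Horka describes is exactly what the logging improvements urged by U.S. authorities are meant to surface. As an added illustration (not code from Lumen, Versa or Bloomberg), the Python script below scores script paths in a web-server access log on signals typical of a planted shell: a path absent from the deployed application's baseline, near-exclusive POST use, no Referer header, and very few client addresses. The log lines, addresses, paths, baseline set and thresholds are all constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Standard Apache/nginx "combined" log format; the lines below are constructed samples.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Server-side script extensions a dropped shell typically uses (assumed list).
SCRIPT_EXT = (".php", ".jsp", ".jspx", ".aspx", ".ashx", ".cgi")

# Constructed sample log: two normal users plus one client hammering an unknown script with POSTs.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2024:10:01:02 +0000] "GET /login.php HTTP/1.1" 200 512 "https://portal.example.invalid/" "Mozilla/5.0"
203.0.113.7 - alice [12/Jun/2024:10:01:09 +0000] "POST /login.php HTTP/1.1" 302 0 "https://portal.example.invalid/login.php" "Mozilla/5.0"
203.0.113.7 - alice [12/Jun/2024:10:01:11 +0000] "GET /dashboard.php HTTP/1.1" 200 4096 "https://portal.example.invalid/login.php" "Mozilla/5.0"
198.51.100.23 - bob [12/Jun/2024:10:02:40 +0000] "GET /dashboard.php HTTP/1.1" 200 4096 "https://portal.example.invalid/" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2024:10:05:00 +0000] "POST /images/cache.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2024:10:05:03 +0000] "POST /images/cache.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2024:10:05:07 +0000] "POST /images/cache.php HTTP/1.1" 200 96 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2024:10:06:30 +0000] "POST /images/cache.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

# Script paths the deployed application is known to ship (assumed inventory).
BASELINE = {"/login.php", "/dashboard.php"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def find_web_shell_candidates(lines, baseline_paths, min_requests=3):
    """Aggregate requests per script path and flag paths matching >= 3 shell-like signals."""
    per_path = defaultdict(lambda: {"n": 0, "post": 0, "ips": set(), "users": set(), "no_ref": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].lower().endswith(SCRIPT_EXT):
            continue
        s = per_path[rec["path"]]
        s["n"] += 1
        s["post"] += int(rec["method"] == "POST")
        s["ips"].add(rec["ip"])
        if rec["user"] != "-":
            s["users"].add(rec["user"])  # legitimate accounts seen on this path
        s["no_ref"] += int(rec["referer"] in ("", "-"))

    findings = []
    for path, s in per_path.items():
        if s["n"] < min_requests:
            continue  # too little traffic to judge
        reasons = []
        if path not in baseline_paths:
            reasons.append("path not in deployed-application baseline")
        if s["post"] / s["n"] >= 0.8:
            reasons.append("almost all requests are POST")
        if s["no_ref"] == s["n"]:
            reasons.append("no Referer on any request")
        if len(s["ips"]) <= 2:
            reasons.append("used by %d client IP(s)" % len(s["ips"]))
        if len(reasons) >= 3:
            findings.append({"path": path, "requests": s["n"],
                             "authenticated_users": sorted(s["users"]), "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


def run_demo():
    """Run the detector over the constructed sample log against the assumed baseline."""
    return find_web_shell_candidates(SAMPLE_LOG.splitlines(), BASELINE)


if __name__ == "__main__":
    for f in run_demo():
        print(f["path"], f["requests"], "requests:", "; ".join(f["reasons"]))
```

The baseline set is the key input: an inventory of the scripts the application legitimately serves turns "unknown path receiving POSTs from one address" from a curiosity into a high-priority finding. The per-path user list shows which real accounts touched the path, which matters when, as here, the shell is used alongside legitimate credentials.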

©2024 Bloomberg L.P.
