Volt Typhoon is exploiting a bug in software made by a California-based startup to hack American and Indian internet companies, according to security researchers.
Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen Technologies Inc's unit Black Lotus Labs. Their assessment, much of which was published in a blog post Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.
Versa, which makes software that manages network configurations and has attracted investment from Blackrock Inc and Sequoia Capital, announced the bug last week and offered a patch and other mitigations.
The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.
Lumen shared its findings with Versa in late June, according to Lumen and supporting documentation shared with Bloomberg.
Versa, which is based in Santa Clara, California, said it issued an emergency patch for the bug at the end of June, but only began flagging the issue widely to customers in July once it was notified by one that claimed to have been breached. Versa said that customer, which it didn't identify, didn't follow previously published guidelines on how to protect