A suspected Chinese hacker group was seen exploiting a previously undisclosed zero-day flaw in Versa Networks' Versa Director software platform. Versa released a patch for the vulnerability on August 26. The exploit affected four disclosed entities in the U.S. and one in India.Â
Santa Clara-based Versa Networks uses the Versa Director systems to manage customer services dedicated to Internet and IT service providers, such as Internet service providers (ISPs) and managed service providers (MSPs).
Versa’s security advisory suggested that affected customers were vulnerable to the cyberattack because they left a management port exposed on the Internet that the threat actors used for initial access.
The CVE-2024-39717 vulnerability allows attackers to upload a file of their choosing to exposed machines, and security experts said in separate reports that Internet companies were targeted to surveil their customers.
Lumen Technologies Inc.’s unit Black Lotus Labs' security researchers suspect the Chinese government-backed cyber espionage group Volt Typhoon is behind the cybercriminal campaign that started on June 12.Â
The hacker group focuses on infiltrating critical U.S. networks and facilitating the disruption of communications with Asia during potential future armed conflicts with China.
Versa said it is fixed in Director 22.1.4 or later. The Versa vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's list of known exploited vulnerabilities.
In recent news, a network of at least 5,000 fake X accounts that seem to be operated by AI is allegedly part of a disinformation campaign connected to China that focuses on divisive U.S. political issues.