Report: Hackers supported by the Chinese Communist Party exploit vulnerabilities to attack internet companies.

Recently, network security researchers have discovered that in the past few months, hackers supported by the Chinese Communist Party have been continuously infiltrating US internet service providers to conduct espionage activities on their users. As these escalating threats pose significant risks to national security, they have raised serious concerns within the US government.

It is believed that the targets of the CCP hackers include government and military personnel carrying out classified missions, as well as groups holding strategic significance to the Chinese Communist Party.

According to a report released on Tuesday (August 27) by Black Lotus Labs, a subsidiary of internet security company Lumen Technologies, a Chinese government-backed organization named “Volt Typhoon” initiated this network espionage activity.

The report pointed out that this hacker organization exploited a “zero-day vulnerability” in the Versa Director software produced by Versa Networks. A zero-day vulnerability refers to a security flaw that the software vendor is unaware of or has not provided an effective patch for.

Researchers from the organization stated that the Versa Director software is widely used by Internet Service Providers (ISPs) and Managed Service Providers (MSPs), making Versa an “important and highly attractive target” for hackers.

The report mentioned that Lumen Technologies has reported the zero-day vulnerability and hacker activities to the US cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA). It is reported that Lumen Technologies has patched this vulnerability.

TechCrunch, a US news website focused on information technology, quoted Mike Horka, a security researcher at Lumen Technologies and former FBI special agent, who stated that this recent hack not only targeted telecommunications companies but also included MSPs and ISPs. “They can attack these central locations and gain more access privileges,” he said.

Horka mentioned that he identified four affected companies in the US, including two ISPs, an MSP, and an IT provider, and one affected company overseas, in India, which is also an ISP. The names of the affected companies were not disclosed by Black Lotus Labs.

A former US cybersecurity official stated that the hacking activities of the Chinese government have “significantly intensified”.

Citing Brandon Wales, the former executive director of CISA, The Washington Post reported that “this has become a norm for China’s conduct, but it has significantly escalated compared to the past, worsening the situation.”

Horka emphasized that the targets of this hack were certain important clients with advanced and privileged connectivity permissions. He stressed that it is noteworthy that the attackers deemed this operation highly significant and chose to exploit software vulnerabilities that were previously undiscovered, which could have been saved for later use.

According to The Washington Post, the Chinese Embassy in Washington denied the accusations that the Chinese government supported the “Volt Typhoon” hacker organization.

After the group was first discovered last year, the US Department of Justice, FBI, National Security Agency (NSA), and CISA unanimously concluded that the “Volt Typhoon” hacker organization conducted a series of cyber attacks and espionage activities against the US and its allies with the support of the Chinese government.

In May 2023, Microsoft announced the detection of “Volt Typhoon” infiltrating US critical infrastructure, including a water treatment facility in Guam. The purpose of the intrusion, as detected by Microsoft, was to “disrupt key communication infrastructure between the United States and Asia during future crises.”

“Volt Typhoon” had attempted to attack US critical infrastructure using a botnet. In April, US Attorney General Merrick B. Garland stated that the Department of Justice thwarted an attack by “a hacker organization supported by the People’s Republic of China (Chinese government).”

Timothy D. Haugh, a US Cyber Command leader and NSA director, warned in June that China is actively seeking to disrupt the US defense industry and once again singled out the Chinese-supported hacker organization “Volt Typhoon”.