China’s ‘Volt Typhoon’ hackers target Indian, US firms, including internet companies

The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers.

Bloomberg
Published 28 Aug 2024, 06:24 AM IST
A report has indicated a breach of the security of Indian and US firms by Chinese hackers.

Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen Technologies Inc.’s unit Black Lotus Labs. Its assessment, much of which was published in a blog post on Tuesday, found with “moderate confidence” that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.

Versa, which makes software that manages network configurations and has attracted investment from BlackRock Inc. and Sequoia Capital, announced the bug last week and offered a patch and other mitigations.

The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country’s water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan. 

Liu Pengyu, a spokesman for the Chinese Embassy in Washington, said in an email, “ ‘Volt Typhoon’ is actually a ransomware cyber criminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region.”

He added that China sees signs that the US intelligence community has secretly collaborated with cybersecurity companies to falsely accuse China of supporting cyberattacks against the US as part of an effort to boost congressional budgets and government contracts. Bloomberg couldn’t verify those claims.

Lumen shared its findings with Versa in late June, according to Lumen and supporting documentation shared with Bloomberg.

Versa, which is based in Santa Clara, California, said it issued an emergency patch for the bug at the end of June, but only began flagging the issue widely to customers in July once it was notified by one that claimed to have been breached. Versa said that customer, which it didn’t identify, didn’t follow previously published guidelines on how to protect its systems via firewall rules and other measures.

Dan Maier, Versa’s chief marketing officer, said in an email Monday that those 2015 guidelines include advising customers to close off internet access to a specific port, which the customer had failed to do. Since last year, he said, Versa has taken measures of its own to make the system “secure by default,” meaning customers will no longer be exposed to that risk even if they haven’t followed company guidelines.

The bug carries a “high” severity rating, according to the National Vulnerability Database. On Friday, the Cybersecurity and Infrastructure Security Agency, known as CISA, ordered federal agencies to patch Versa products or stop using them by Sept. 13.

The vulnerability has been exploited in at least one known instance by a sophisticated hacking group, Versa said in a blog post on Monday. The company didn’t identify the group, and on Friday, Versa told Bloomberg it didn’t know the identity.

Microsoft Corp. named and unveiled the Volt Typhoon campaign in May 2023. Since its discovery, US officials have urged companies and utilities to improve their logging to help search for and eradicate the hackers, who use vulnerabilities to get into systems and then can remain undetected for long stretches of time. 

The Chinese government has dismissed US accusations, saying the hacking attacks attributed to Volt Typhoon are the work of cyber criminals. 

CISA Director Jen Easterly told Congress in January about the malicious cyber activity, warning the US has discovered only the tip of the iceberg when it comes to victims and that China’s aim is to be able to plunge the US into “societal panic.”

US agencies, including CISA, the National Security Agency and the FBI, said in February that Volt Typhoon activity dates back at least five years and has targeted communications, energy, transportation systems, water and wastewater systems. 

Lumen first identified the malicious code in June, according to Lumen researcher Michael Horka. A malware sample uploaded from Singapore on June 7 bore the hallmarks of Volt Typhoon, he said in an interview. 

Horka, a former FBI cyber investigator who joined Lumen in 2023 after working on Volt Typhoon cases for the federal government, said the code was a web shell that allowed hackers to gain access to a customer’s network via legitimate credentials and then behave as if they were bona fide users.


(Updates with comment from Chinese Embassy starting in fifth paragraph.)

More stories like this are available on bloomberg.com

©2024 Bloomberg L.P.

