Chinese Hackers Suspected of Spying on US Undercover Agents: Report
The post Chinese Hackers Suspected of Spying on US Undercover Agents: Report appeared on BitcoinEthereumNews.com.
A group of hackers exploited a zero-day vulnerability in Versa Director—software used by a number of internet service providers (ISPs) to secure their network operations—and were able to compromise several internet companies in the U.S. and abroad, according to Black Lotus Labs, the threat research and operations arm of Lumen Technologies.
Lumen believes the attacks may come from China. “Based on known and observed tactics and techniques, Black Lotus Labs attributes the zero-day exploitation of CVE-2024-39717 and operational use of the VersaMem web shell with moderate confidence to the Chinese state-sponsored threat actors known as Volt Typhoon and Bronze Silhouette,” Lumen said.
Lumen’s researchers identified four U.S. victims and one foreign victim. According to the Washington Post, “targets are believed to include government and military personnel working undercover and groups of strategic interest to China.”
China denied such allegations. “‘Volt Typhoon’ is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region,” embassy spokesman Liu Pengyu told the Washington Post. The same statement was shared by Lin Jian, spokesperson of China’s Ministry of Foreign Affairs, on April 15 with the Global Times.
The exploit is “likely ongoing against unpatched Versa Director systems,” according to the researchers.
According to the findings, Volt Typhoon used a specialized web shell called “VersaMem” to capture user login details. VersaMem, a complex piece of malicious software, works by attaching itself to different processes and manipulating the Java code of vulnerable servers. It operates entirely in memory, making it particularly difficult to detect.
The exploit targeted Versa Director servers. These servers are often used by internet service providers and managed service providers, making them an attractive target for threat actors seeking to extend their reach through enterprise network management setups.
Versa Networks acknowledged the vulnerability on…
Filed under: News - @ August 29, 2024 12:16 am