Chinese hackers have exploited a bug to compromise Internet companies, the cybersecurity firm says

A Chinese hacking group exploited a software bug to compromise several Internet companies in the United States and abroad, a cybersecurity firm said Tuesday.

Researchers at Lumen Technologies said in a blog post that hackers took advantage of a previously unknown vulnerability in Versa Director — a software platform used to manage services for Versa Networks customers in Santa Clara, California. He said four American victims and one Indian victim had been identified, although he declined to identify them.

Versa Networks issued an advisory on Monday acknowledging that the vulnerability had been exploited “in at least one known instance” by an advanced group of hackers and urging customers to update their software to fix the bug. In an email, the company said it had confirmed three victims — including an Internet service provider.

Lumen’s blog post said its researchers assessed with “moderate confidence” that the hacking campaign, which began as early as June 12, was carried out by an alleged Chinese government-backed group nicknamed “Volt Typhoon.” Lumen researcher Ryan English said internet companies were targeted so the attackers could spy on their customers.

“They very rarely come in the front door,” he said.

Doug Britton, a director of Virginia-based RunSafe Security, said the research looks solid and that the access described by Lumen would allow a group like Volt Typhoon “the ability to do broad, silent surveillance.”

China’s embassy in Washington said in a statement late Tuesday that “Volt Typhoon” was actually a cybercriminal gang and was not “sponsored by any state or region.” It accused the US intelligence community of working with cyber security companies to raise the threat of “so-called Chinese government support for cyber attacks against the US”.

Brandon Wales, the recently deceased executive director of CISA, was quoted by the Washington Post on Tuesday as saying that China’s hacking effort “has stepped up dramatically from where it was before.”

Volt Typhoon has emerged as a group of particular concern to US cybersecurity officials. In April, FBI Director Christopher Wray said China was developing “the ability to wreak physical havoc” on critical US infrastructure.

(Reporting by Satter; Editing by Rod Nickel and Mark Porter)