BPOI Banner
Chinese Hackers Suspected of Spying on US Undercover Agents: Report Chinese Hackers Suspected of Spying on US Undercover Agents: Report

Chinese Hackers Suspected of Spying on US Undercover Agents: Report

A group of hackers exploited a zero-day vulnerability in Versa Director—software used by a number of internet service providers (ISPs) to secure their network operations—and were able to compromise several internet companies in the U.S. and abroad, according to Black Lotus Labs, the threat research and operations arm of Lumen Technologies.

Lumen believes the attacks may come from China.

“Based on known and observed tactics and techniques, Black Lotus Labs attributes the zero-day exploitation of CVE-2024-39717 and operational use of the VersaMem web shell with moderate confidence to the Chinese state-sponsored threat actors known as Volt Typhoon and Bronze Silhouette.” Lumen said.

Lumen’s researchers identified four U.S. victims and one foreign victim. According to the Washington Post, “targets are believed to include government and military personnel working undercover and groups of strategic interest to China.”

China denied such allegations. “Volt Typhoon’ is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region,” embassy spokesman Liu Pengyu told the Washington Post. The same statement was shared by Lin Jian, spokesperson of China’s Ministry of Foreign Affairs, on April 15 with the Global Times.

The exploit is “likely ongoing against unpatched Versa Director systems,” according to the researchers.

According to the findings, Volt Typhoon used a specialized web shell called “VersaMem” to capture user login details. VersaMem, a complex piece of malicious software, works by attaching itself to different processes and manipulating the Java code of vulnerable servers. It operates entirely in memory, making it particularly difficult to detect.

The exploit targeted Versa Director servers. These servers are often used by internet service providers and managed service providers, making them an attractive target for threat actors seeking to extend their reach through enterprise network management setups.

Versa Networks acknowledged the vulnerability on Monday, confirming it had been exploited “in at least one known instance.”

Lumen says the VersaMem web shell was first uploaded to malware aggregator VirusTotal on June 7, just days before the earliest observed exploitation. The malware was compiled using Apache Maven, with comments in Chinese characters discovered in the code. As of mid-August, it still had zero detections by antivirus software.

Brandon Wales, former executive director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), recently told The Record that Chinese hackers have improved their abilities to target key U.S. facilities and emphasized the need to increase investments in cybersecurity.

“China continues to target U.S. critical infrastructure,” he said in an interview. “The exposing of the Volt Typhoon efforts has obviously resulted in changes in tactics, the tradecraft that they’re using, but we know that they are continuing every day to try to compromise U.S. critical infrastructure.”

The cybersecurity firm emphasized the severity of the vulnerability and the sophistication of the attackers.

Meanwhile, Black Lotus Labs stressed that any operation relying on Versa Director to upgrade the software “to version 22.1.4 or later.”

Generally Intelligent Newsletter

A weekly AI journey narrated by Gen, a generative AI model.

Source link

Jose Antonio Lanz

https://decrypt.co/246847/chinese-hackers-suspected-of-spying-on-us-undercover-agents-report

2024-08-28 21:42:41

bitcoin
Bitcoin (BTC) $ 95,456.58 0.93%
ethereum
Ethereum (ETH) $ 3,306.39 1.25%
tether
Tether (USDT) $ 1.00 0.03%
xrp
XRP (XRP) $ 2.19 2.21%
bnb
BNB (BNB) $ 664.91 0.63%
solana
Solana (SOL) $ 182.51 1.42%
dogecoin
Dogecoin (DOGE) $ 0.313207 0.80%
usd-coin
USDC (USDC) $ 1.00 0.08%
staked-ether
Lido Staked Ether (STETH) $ 3,300.33 1.22%
cardano
Cardano (ADA) $ 0.887283 1.17%
tron
TRON (TRX) $ 0.247476 0.65%
avalanche-2
Avalanche (AVAX) $ 36.41 3.86%
chainlink
Chainlink (LINK) $ 22.70 2.23%
the-open-network
Toncoin (TON) $ 5.42 1.08%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,907.08 1.36%
shiba-inu
Shiba Inu (SHIB) $ 0.000022 0.08%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 95,195.51 0.85%
sui
Sui (SUI) $ 4.27 5.82%
stellar
Stellar (XLM) $ 0.355504 0.32%
polkadot
Polkadot (DOT) $ 6.90 2.26%
hedera-hashgraph
Hedera (HBAR) $ 0.266508 4.52%
hyperliquid
Hyperliquid (HYPE) $ 28.31 14.22%
weth
WETH (WETH) $ 3,303.20 1.49%
bitcoin-cash
Bitcoin Cash (BCH) $ 442.93 2.49%
leo-token
LEO Token (LEO) $ 9.40 0.98%
uniswap
Uniswap (UNI) $ 13.89 1.32%
litecoin
Litecoin (LTC) $ 101.91 0.97%
pepe
Pepe (PEPE) $ 0.000018 2.06%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,486.51 1.07%
near
NEAR Protocol (NEAR) $ 5.09 1.11%
ethena-usde
Ethena USDe (USDE) $ 0.999694 0.05%
bitget-token
Bitget Token (BGB) $ 4.13 0.57%
usds
USDS (USDS) $ 1.00 0.27%
aptos
Aptos (APT) $ 9.11 4.46%
aave
Aave (AAVE) $ 333.06 11.35%
internet-computer
Internet Computer (ICP) $ 10.03 0.89%
crypto-com-chain
Cronos (CRO) $ 0.154141 1.90%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.475489 0.86%
mantle
Mantle (MNT) $ 1.17 0.85%
ethereum-classic
Ethereum Classic (ETC) $ 26.23 0.43%
vechain
VeChain (VET) $ 0.045882 0.52%
render-token
Render (RENDER) $ 7.06 1.41%
whitebit
WhiteBIT Coin (WBT) $ 24.43 0.03%
monero
Monero (XMR) $ 187.74 1.89%
mantra-dao
MANTRA (OM) $ 3.63 1.97%
dai
Dai (DAI) $ 1.00 0.05%
bittensor
Bittensor (TAO) $ 456.30 0.40%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.28 0.14%
arbitrum
Arbitrum (ARB) $ 0.756978 0.92%
ethena
Ethena (ENA) $ 1.05 0.05%