BPOI Banner
Chinese Hackers Suspected of Spying on US Undercover Agents: Report Chinese Hackers Suspected of Spying on US Undercover Agents: Report

Chinese Hackers Suspected of Spying on US Undercover Agents: Report

A group of hackers exploited a zero-day vulnerability in Versa Director—software used by a number of internet service providers (ISPs) to secure their network operations—and were able to compromise several internet companies in the U.S. and abroad, according to Black Lotus Labs, the threat research and operations arm of Lumen Technologies.

Lumen believes the attacks may come from China.

“Based on known and observed tactics and techniques, Black Lotus Labs attributes the zero-day exploitation of CVE-2024-39717 and operational use of the VersaMem web shell with moderate confidence to the Chinese state-sponsored threat actors known as Volt Typhoon and Bronze Silhouette.” Lumen said.

Lumen’s researchers identified four U.S. victims and one foreign victim. According to the Washington Post, “targets are believed to include government and military personnel working undercover and groups of strategic interest to China.”

China denied such allegations. “Volt Typhoon’ is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region,” embassy spokesman Liu Pengyu told the Washington Post. The same statement was shared by Lin Jian, spokesperson of China’s Ministry of Foreign Affairs, on April 15 with the Global Times.

The exploit is “likely ongoing against unpatched Versa Director systems,” according to the researchers.

According to the findings, Volt Typhoon used a specialized web shell called “VersaMem” to capture user login details. VersaMem, a complex piece of malicious software, works by attaching itself to different processes and manipulating the Java code of vulnerable servers. It operates entirely in memory, making it particularly difficult to detect.

The exploit targeted Versa Director servers. These servers are often used by internet service providers and managed service providers, making them an attractive target for threat actors seeking to extend their reach through enterprise network management setups.

Versa Networks acknowledged the vulnerability on Monday, confirming it had been exploited “in at least one known instance.”

Lumen says the VersaMem web shell was first uploaded to malware aggregator VirusTotal on June 7, just days before the earliest observed exploitation. The malware was compiled using Apache Maven, with comments in Chinese characters discovered in the code. As of mid-August, it still had zero detections by antivirus software.

Brandon Wales, former executive director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), recently told The Record that Chinese hackers have improved their abilities to target key U.S. facilities and emphasized the need to increase investments in cybersecurity.

“China continues to target U.S. critical infrastructure,” he said in an interview. “The exposing of the Volt Typhoon efforts has obviously resulted in changes in tactics, the tradecraft that they’re using, but we know that they are continuing every day to try to compromise U.S. critical infrastructure.”

The cybersecurity firm emphasized the severity of the vulnerability and the sophistication of the attackers.

Meanwhile, Black Lotus Labs stressed that any operation relying on Versa Director to upgrade the software “to version 22.1.4 or later.”

Generally Intelligent Newsletter

A weekly AI journey narrated by Gen, a generative AI model.

Source link

Jose Antonio Lanz

https://decrypt.co/246847/chinese-hackers-suspected-of-spying-on-us-undercover-agents-report

2024-08-28 21:42:41

bitcoin
Bitcoin (BTC) $ 91,133.42 3.54%
ethereum
Ethereum (ETH) $ 3,089.16 0.65%
tether
Tether (USDT) $ 1.00 0.00%
solana
Solana (SOL) $ 217.62 3.35%
bnb
BNB (BNB) $ 620.12 0.47%
dogecoin
Dogecoin (DOGE) $ 0.377478 1.61%
xrp
XRP (XRP) $ 0.888055 10.42%
usd-coin
USDC (USDC) $ 1.00 0.05%
staked-ether
Lido Staked Ether (STETH) $ 3,087.17 0.80%
cardano
Cardano (ADA) $ 0.71586 22.23%
tron
TRON (TRX) $ 0.192437 8.78%
shiba-inu
Shiba Inu (SHIB) $ 0.000025 5.55%
the-open-network
Toncoin (TON) $ 5.38 2.39%
avalanche-2
Avalanche (AVAX) $ 32.97 5.16%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 91,019.39 3.61%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,652.31 0.66%
sui
Sui (SUI) $ 3.65 9.47%
pepe
Pepe (PEPE) $ 0.000023 8.59%
weth
WETH (WETH) $ 3,087.14 0.71%
chainlink
Chainlink (LINK) $ 13.81 5.83%
bitcoin-cash
Bitcoin Cash (BCH) $ 431.22 3.49%
polkadot
Polkadot (DOT) $ 5.16 7.94%
leo-token
LEO Token (LEO) $ 7.66 3.07%
near
NEAR Protocol (NEAR) $ 5.49 1.54%
litecoin
Litecoin (LTC) $ 83.91 3.41%
aptos
Aptos (APT) $ 11.80 5.66%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,248.59 0.46%
usds
USDS (USDS) $ 0.996316 0.31%
uniswap
Uniswap (UNI) $ 8.55 4.62%
crypto-com-chain
Cronos (CRO) $ 0.170712 15.59%
stellar
Stellar (XLM) $ 0.145097 9.56%
internet-computer
Internet Computer (ICP) $ 8.66 8.28%
dogwifcoin
dogwifhat (WIF) $ 3.85 8.47%
bittensor
Bittensor (TAO) $ 518.47 4.06%
ethereum-classic
Ethereum Classic (ETC) $ 23.19 6.02%
kaspa
Kaspa (KAS) $ 0.136998 0.66%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.29 4.55%
dai
Dai (DAI) $ 0.999711 0.07%
whitebit
WhiteBIT Coin (WBT) $ 22.32 0.83%
ethena-usde
Ethena USDe (USDE) $ 1.00 0.12%
bonk
Bonk (BONK) $ 0.000044 23.23%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.372551 4.06%
blockstack
Stacks (STX) $ 1.87 3.19%
hedera-hashgraph
Hedera (HBAR) $ 0.074672 16.63%
render-token
Render (RENDER) $ 6.93 4.59%
monero
Monero (XMR) $ 144.16 3.57%
okb
OKB (OKB) $ 43.95 1.09%
first-digital-usd
First Digital USD (FDUSD) $ 1.00 0.08%
filecoin
Filecoin (FIL) $ 4.17 7.79%
floki
FLOKI (FLOKI) $ 0.000255 19.07%