PYMNTS-MonitorEdge-May-2024

Lumen: Chinese Hacking Group Breached 4 US Companies

Hackers tied to China breached four U.S. companies, according to cybersecurity researchers.

Lumen’s Black Lotus Labs said in a Tuesday (Aug. 27) blog post that the group Volt Typhoon found a server vulnerability at the startup Versa Networks that allowed it to hack the four companies. It also hacked a company in India, Bloomberg reported Tuesday.

“Given the severity of the vulnerability, the sophistication of the threat actors, the critical role of Versa Director servers in the network, and the potential consequences of a successful compromise, Black Lotus Labs considers this exploitation campaign to be highly significant,” the blog post said.

Lumen shared its findings with Versa in late June, Bloomberg reported. Versa said it issued an emergency patch for the bug at the end of June but only began flagging the issue widely to clients in July after one of them notified Versa of a breach.

Versa said the customer failed to follow the proper guidelines on how to protect its systems through measures like firewall rules, according to the report.

Earlier this year, FBI Director Christopher Wray warned that the Chinese government’s attempts to virtually attack American infrastructure had reached new levels. He mentioned Volt Typhoon by name. The group last year was revealed to be dormant inside U.S. critical infrastructure, with malware that needed to be triggered to disrupt that infrastructure.

“It’s the tip of the iceberg,” Wray said at the time. “…It’s one of many such efforts by the Chinese.”

In other cybersecurity news, there was a “possible cyberattack” last week at the Port of Seattle, which operates the Seattle-Tacoma International Airport.

The incident came weeks after the July Microsoft outage that sidelined critical systems around the world, although that disruption came as a result of a software glitch by CrowdStrike, not the actions of cybercriminals.

“Still, both incidents serve as an uncomfortable illustration of just how brittle the connected economy’s core internet structure can be, particularly when faced with stressors,” PYMNTS wrote Monday (Aug. 26). “But as the world goes increasingly digital, the risk of online systems being targeted by cybercriminals who want to disrupt operations, steal data or ransom sensitive information is only growing.”

PYMNTS-MonitorEdge-May-2024