一組與中國政府聯繫的駭客利用了軟件中的一個先前不知名的漏洞,瞄準了美國互聯網服務提供商,安全研究人員發現。
Versa出售軟件來管理網絡配置,被互聯網服務提供商(ISPs)和受管理的服務提供商(MSPs)使用,這使Versa對駭客來說成為一個“關鍵且有吸引力的目標”,研究人員在周二發表的報告中寫道。
This is the latest discovery of hacking activities carried out by Volt Typhoon, a group that is believed to be working for the Chinese government. The group focuses on targeting critical infrastructure, including communication and telecom networks, with the goal of causing “real-world harm” in the event of a future conflict with the United States. U.S. government officials testified earlier this year that the hackers aim to disrupt any U.S. military response in a future anticipated invasion of Taiwan.
The hackers’ goals, according to Black Lotus Labs’ researchers, were to steal and use credentials on downstream customers of the compromised corporate victims. In other words, the hackers were targeting Versa servers as crossroads where they could then pivot into other networks connected to the vulnerable Versa servers, Mike Horka, the security researcher who investigated this incident, told TechCrunch in a call.
如果您對Volt Typhoon或其他政府贊助的駭客活動有更多信息嗎?您可以通過Signal安全地聯繫Lorenzo Franceschi-Bicchierai,電話號碼是+1 917 257 1382,或者通過Telegram和Keybase @lorenzofb發送郵件。您也可以通過SecureDrop與TechCrunch聯繫。
“This wasn’t limited to just telecoms, but managed service providers and internet service providers,” said Horka. “These central locations that they can go after, which then provide additional access.” Horka said these internet and networking companies are targets themselves, “very likely because of the access that they could potentially provide to additional downstream customers.”
Horka said he found four victims in the United States, two ISPs, one MSP and an IT provider; and one victim outside of the U.S., an ISP in India. Black Lotus Labs did not name the victims.
Versa’s Chief Marketing Officer Dan Maier told TechCrunch in an email that the company has patched the zero-day identified by Black Lotus Labs.
“Versa confirmed the vulnerability and issued an emergency patch at that time. We have since issued a comprehensive patch and distributed this to all customers,” said Maier, adding that researchers warned the company of the flaw in late June.
Maier told TechCrunch that Versa itself was able to confirm the flaw and observe the “APT attacker” taking advantage of it.
Black Lotus Labs said it alerted the U.S. cybersecurity agency CISA of the zero-day vulnerability and the hacking campaign. On Friday, CISA added the zero-day to its list of vulnerabilities that are known to have been exploited. The agency warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
