The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers.
Volt Typhoon has breached four U.S. firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen Technologies’ unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence” that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.
Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.