China-Sponsored Hackers Exploited Zero-Day Vulnerabilities to Target ISPs

Cyber security specialists have found that hackers backed by the Chinese communist government exploited zero-day vulnerabilities in the US software infrastructure to target America’s Internet Service Providers (ISPs).

A zero-day vulnerability is a security flaw in software that is unknown to the vendor. No fix is available at the time of the attack, which leaves the affected software open to exploitation by attackers. The term “zero-day” indicates that the developers have zero days to patch the flaw before it can be exploited.

Researchers at Black Lotus Labs stated that hackers belonging to Volt Typhoon discovered the vulnerability in software developed by Versa Networks, which uses this software as a SaaS solution for numerous US ISPs and managed service providers (MSPs).

Security stakeholders in Washington believe that Volt Typhoon hackers pose a severe threat to the United States’ telecom infrastructure. The hackers can exploit such vulnerabilities during a possible China-US confrontation to inflict a large amount of damage on American soil.

Previously, FBI Director Christopher Wray testified in front of the House that rising Chinese cyber-attacks are part of the Chinese warfare strategy that China will utilize to the fullest in its future confrontation with the US. Wray also claimed that the Volt Typhoon group would try to disrupt the US military infrastructure before China invades Taiwan, which some insiders believe can happen as soon as 2026.

Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, acknowledged the presence of “very basic” flaws in crucial American government infrastructure that these Chinese hackers tend to exploit. Easterly also stated that a major conflict far away from American borders could trouble Americans by damaging our telecommunication infrastructure, polluting the drinking water pipelines, and bringing the public transportation system to its knees.

Cyber expert Mike Horka, who investigated the security breach, stated that the Chinese hackers wanted access to Versa services, which would have granted them access to its associated companies and helped them get the important data of downstream customers.

Although the investigators did not reveal the names of the victims whose systems were compromised in the attack, it was revealed that these victims included two US-based ISPs, one MSP, one IT provider, and an ISP in India.

Meanwhile, Dan Maier, Versa’s CMO, said that their company has now identified and patched the zero-day vulnerability.

Volt Typhoon mostly focuses on gathering important information through cyber-attacks and then exploiting it for espionage purposes. Microsoft has also previously found that this group can dismantle important communication systems between America and Asia during a possible future crisis.

However, China has dismissed these concerns and called them a “collective disinformation campaign” of the West.