Chinese advanced persistent threat group Volt Typhoon has been attacking U.S. internet service providers, managed service providers, and IT firms since June by exploiting CVE-2024-39717, a high-severity zero-day in Versa Director servers, SecurityWeek reports.
According to an analysis by Lumen Technologies' Black Lotus Labs, the intrusions targeted Versa Director versions earlier than 22.1.4 and used a custom web shell, tied to the zero-day, to capture credentials that could then be leveraged for further network infiltration. The Cybersecurity and Infrastructure Security Agency has already urged immediate remediation of the vulnerability following Versa Networks' disclosure that the zero-day was under attack. Versa Networks noted, however, that the confirmed successful exploitation of the flaw stemmed from the affected organization's failure to implement firewall guidance issued in 2015 and 2017. "In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a third-party provider, however these are unconfirmed to date," said Versa Networks.