Vulnerability Management, Threat Intelligence

Attacks exploiting Versa Director zero-day launched by Volt Typhoon

Share
Digital Matrix Zero Day Concept: Binary Code Background with 3D Text Effect

U.S. internet service providers, managed service providers, and IT firms have been subjected to ongoing attacks by Chinese advanced persistent threat operation Volt Typhoon targeting Versa Director servers impacted by the high-severity zero-day, tracked as CVE-2024-39717, since June, SecurityWeek reports.

Intrusions aimed at Versa Director versions earlier than 22.1.4 involved the utilization of a custom zero-day-linked web shell facilitating the compromise of credentials that could be leveraged for further network infiltration, an analysis from Lumen Technologies' Black Lotus Labs revealed. Immediate remediation of the vulnerability has already been urged by the Cybersecurity and Infrastructure Security Agency following Versa Networks' disclosure of attacks aimed at the zero-day. However, Versa Networks noted that the confirmed successful exploitation of the flaw stemmed from the impacted organization's failure to implement firewall guidance from 2015 and 2017. "In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date," said Versa Networks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.