Summary Bullets:
• In a published blog post, Lumen says its Black Lotus Labs has identified active exploitation of a zero-day vulnerability in its Versa Director servers, which orchestrate its SD-WAN network services.
• Though the company, which attributes the attack to the China-backed threat actor Volt Typhoon, didn’t specify which of its clients would have been affected, others suggest the attack may have penetrated the infrastructure supporting sensitive government wiretapping communications.
Reports circulated this summer that state-sponsored cybercriminals connected to China hacked into US federal government resources via major telecom providers’ networks. Last week, several news outlets, including the Wall Street Journal, revealed that the target of the activity was federal government communications related to court-ordered network wiretapping applications, which the hackers accessed through AT&T, Lumen, and Verizon’s networks. Though no one with direct knowledge of the situation was named, anonymous sources say the threat actors could have tapped into the networks months ago.
Though neither AT&T nor Verizon has yet issued a statement, Lumen discloses in a blog post that Black Lotus Labs has found that threat actors from the Chinese-affiliated Volt Typhoon exploited a zero-day flaw in the VersaMem web shell to gain access. This comes at a time when escalating tensions between the US and China, Iran, and other nations have government officials on high alert, fearing that state-backed cybercriminals may already be lying in wait in some US systems, getting ready to pull off attacks on critical infrastructure such as waste and clean water systems.
This month, the New Jersey-based utility American Water announced it had brought its customer service portal and other systems back online after a cyberattack. After spotting “unauthorized activity” on its network earlier in the month, the company opted to power down its portal and other systems. These breaches underscore the vulnerability associated with the supply chain. An organization is only as secure as its weakest link, which extends to third-party partners and suppliers.

