Chinese Hackers Exploit Zero-Day Flaw to Breach Internet Firms

Lumen Technologies, a cybersecurity firm, has reported that a Chinese-linked hacking group exploited a vulnerability in widely used network management software to breach several internet providers in the United States and one company in India.

According to Lumen, the attackers took advantage of a flaw in Versa Director, a platform used to manage services for customers of Versa Networks, based in Santa Clara, California. The exploitation allowed intruders to gain unauthorized access to the affected systems.

Lumen’s investigation identified five victims—four in the US and one in India—but did not disclose the companies’ names. Versa Networks confirmed it was aware that an advanced actor used the exploit to achieve full access in at least one confirmed case and advised customers to install available updates to mitigate the issue. Versa later reported identifying three victims in total, including an internet service provider.

Researchers say the campaign may have begun as early as June 12. Lumen attributed the activity with “moderate confidence” to a group known as Volt Typhoon, which US officials and private-sector analysts have associated with Chinese-backed operations. Ryan English, a researcher at Lumen, said the attackers likely targeted internet companies to enable monitoring of their customers, observing that such actors “very rarely go in through the front door.”

Security specialists expressed concern over the depth of access described. Doug Britton, an executive at RunSafe Security, called Lumen’s findings credible and noted that the level of access reported would permit a threat actor to conduct broad, stealthy surveillance across affected networks.

China’s embassy in Washington denied state sponsorship of Volt Typhoon in a statement, characterizing the group as cybercriminals and accusing US intelligence agencies and some cybersecurity firms of exaggerating the threat of state-backed cyberattacks.

Commentators and former officials have warned of increasing Chinese cyber activity. Brandon Wales, former executive director of the Cybersecurity and Infrastructure Security Agency (CISA), told the Washington Post that China’s hacking operations have grown substantially compared with previous years. Earlier, FBI Director Christopher Wray warned that China could develop capabilities enabling physical disruption of critical US infrastructure—concerns that have elevated Volt Typhoon as a priority threat for US cybersecurity teams.

This incident underscores the persistent tensions between the US and China over cybersecurity and highlights the risks posed by vulnerabilities in widely used management platforms. As threat actors evolve their techniques, organizations must prioritize timely patching, rigorous network monitoring, and strong incident response processes. Coordination among software vendors, service providers, and public-sector cybersecurity entities remains essential to detect, mitigate, and prevent large-scale intrusions.
