{"id":56945,"date":"2024-08-27T17:32:28","date_gmt":"2024-08-27T17:32:28","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/"},"modified":"2024-08-27T17:32:28","modified_gmt":"2024-08-27T17:32:28","slug":"volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/","title":{"rendered":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June"},"content":{"rendered":"<p>It looks like China&#8217;s Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.<\/p>\n<p>This vulnerability, tracked as <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-39717\">CVE-2024-39717<\/a>, is being abused to plant custom, credential-harvesting web shells on customers&#8217; networks, according to Black Lotus Labs.&nbsp;Lumen Technologies&#8217; security researchers have <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.lumen.com\/taking-the-crossroads-the-versa-director-zero-day-exploitation\/\">attributed<\/a> &#8220;with moderate confidence&#8221; both the new malware, dubbed VersaMem, and the exploitation of Volt Typhoon, warning that these attacks are &#8220;likely ongoing against unpatched Versa Director systems.&#8221;<\/p>\n<p>Volt Typhoon is the Beijing-backed cyberspy crew that the feds have accused of burrowing into US critical infrastructure networks while readying &#8220;<a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/02\/07\/us_chinas_volt_typhoon_attacks\/\" rel=\"noopener\">disruptive or destructive cyberattacks<\/a>&#8221; against these vital systems.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Versa Director is a software tool that allows for the central management and monitoring of Versa SD-WAN software. It&#8217;s generally used by internet service providers (ISPs) and managed service providers (MSPs) to maintain their customers&#8217; network configurations \u2014 and this makes it an attractive target for cybercriminals because it gives them access to the service providers&#8217; downstream customers.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>That appears to be the case with this CVE, as Versa notes the attacks target MSPs for privilege escalation.&nbsp;<\/p>\n<p>In a Monday security advisory, the software manufacturer noted that the bug allowed users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to upload malicious files.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>It affected customers that hadn&#8217;t implemented Versa&#8217;s recommended system hardening and firewall guidelines, and, as a result, had a management port exposed to the internet, which gave the cyber snoops access to the victims&#8217; networks.<\/p>\n<p>Versa has since released a patch, and encourages all customers to upgrade to Versa Director version 22.1.4 or later and apply the hardening guidelines. But the advice comes too late for some, as we&#8217;re <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/versa-networks.com\/blog\/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability\/\">told<\/a>: &#8220;This vulnerability has been exploited in at least one known instance by an Advanced Persistent Threat actor.&#8221;<\/p>\n<p>The software maker did not immediately respond to <em>The Register<\/em>&#8216;s questions about the scope of the attacks, and who is believed to be responsible for the exploits.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) on August 23 added CVE-2024-39717 to its <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=%20CVE-2024-39717&amp;field_date_added_wrapper=all&amp;sort_by=field_date_added&amp;items_per_page=20&amp;url=&amp;f%5B0%5D=vendor_project%3A1266\">Known Exploited Vulnerabilities<\/a> catalog.<\/p>\n<p>In subsequent research posted today, the Black Lotus Labs team says China&#8217;s Volt Typhoon cyber espionage crew exploited this CVE as a zero-day for more than two months.&nbsp;<\/p>\n<p>&#8220;Analysis of our global telemetry identified actor-controlled small-office\/home-office (SOHO) devices exploiting this zero-day vulnerability at four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early as June 12, 2024,&#8221; the threat hunters noted.<\/p>\n<p>After gaining access to the victims&#8217; networks via the exposed Versa management port, the attackers deployed the VersaMem web shell, which steals credentials and then allows Volt Typhoon to access the service providers&#8217; customers&#8217; networks as authenticated users.&nbsp;<\/p>\n<p>&#8220;VersaMem is also modular in nature and enables the threat actors to load additional Java code to run exclusively in-memory,&#8221; the security shop added.<\/p>\n<p>When asked about Black Lotus Labs&#8217; attribution, Doug Britton, chief strategy officer at RunSafe Security, agreed that &#8220;this seems like a classic Volt Typhoon exploit.&#8221;<\/p>\n<p>Britton works with critical infrastructure CISOs to protect against this particular government-backed crew, and said this new attack &#8220;fits with their established MO of targeting edge systems to then move inbound for living off the land.&#8221;<\/p>\n<p>&#8220;This is a high-leverage attack, similar to SolarWinds, that once compromised, can allow attackers to expand their footprint below radar,&#8221; he told <em>The Register<\/em>.<\/p>\n<p>Plus, for anyone not yet convinced that software should be <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/05\/09\/68_tech_firms_sign_cisas\/\" rel=\"noopener\">secure by design<\/a> \u2014 with the onus for managing security risks falling on technology manufacturers, not the end users \u2014 this latest vulnerability should be more proof that CISA is on to something.<\/p>\n<p>&#8220;The Versa blog on the topic subtly chastises affected users for failing to implement recommended security guidance,&#8221; Britton said. &#8220;CISA&#8217;s whole point in Secure by Default is that vendors need to find ways to guarantee that the out of the box system is as secure as possible, minimizing the possibility that overworked operators make these types of errors.&#8221;<\/p>\n<p>It also highlights the need for vendors to find a way to future-proof their products against unknown flaws, he added. &#8220;Commercially available technologies exist that can allow product and software manufacturers the ability to neutralize entire classes of vulns (known and unknown), without devolving into the whack-a-mole game of bug chasing.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/08\/27\/chinas_volt_typhoon_versa\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure It looks like China&#8217;s Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-56945","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-27T17:32:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June\",\"datePublished\":\"2024-08-27T17:32:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/\"},\"wordCount\":751,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/\",\"name\":\"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-08-27T17:32:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/","og_locale":"en_US","og_type":"article","og_title":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-27T17:32:28+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June","datePublished":"2024-08-27T17:32:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/"},"wordCount":751,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/","url":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/","name":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-08-27T17:32:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zs4w7LJOvhArY24FZaxAswAAAMI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-suspected-of-exploiting-versa-sd-wan-bug-since-june\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Volt Typhoon suspected of exploiting Versa SD-WAN bug since June"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56945"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56945\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}