State-sponsored Chinese hackers exploited a zero-day vulnerability in Versa Director, a software platform for managing SD-WAN infrastructure used by internet service providers (ISPs) and managed service providers (MSPs). The group, known in the security industry as Volt Typhoon, has targeted US critical infrastructure organizations in the past.

“Black Lotus Labs has observed the zero-day exploitation of Versa Director servers, now assigned CVE-2024-39717, dating back to at least June 12, 2024,” researchers with Lumen Technologies’ Black Lotus Labs team wrote in a report. “This exploitation campaign has remained highly targeted, affecting several U.S. victims in the ISP, MSP and IT sectors.”

Versa Networks, developer of Versa Director and other SD-WAN and SASE products, patched the CVE-2024-39717 vulnerability this week, but it alerted customers to review their firewall requirements on July 26 and informed them about the actively exploited flaw on August 9.