Hackers infect ISPs with malware that steals customers' credentials
Briefly

Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers.
The administrative control allows VersaMem to run with the necessary privileges to hook the Versa authentication methods, meaning the web shell can hijack the execution flow to make it introduce new functions.
CVE-2024-39717, as the zero-day is tracked, is an unsanitized file upload vulnerability that allows for the injection of malicious Java files that run on the Versa systems with elevated privileges.
To fly under the radar, the threat actor waged their attacks through compromised small office and home office routers.
Read at Ars Technica