The Chinese state-backed hacking group Volt Typhoon exploited a zero-day flaw (CVE-2024-39717) in Versa Director, a platform used by ISPs and MSPs to manage SD-WAN connections.
They uploaded a malicious webshell via a feature meant for customizing GUI icons. This allowed them to steal credentials and breach corporate networks.
Affected Versa Director versions include 21.2.3, 22.1.2, and 22.1.3; upgrading to version 22.1.4 resolves the issue. Admins should also review system hardening requirements and firewall guidelines per Versa's advisory.
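A defender-side check for the upload abuse described above, as an added example that is not from the original page or Versa's advisory: it walks an icon upload directory and flags files whose leading bytes do not match the image type their extension claims. The directory is passed in as a parameter because the page does not name the real path; the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of image formats an icon upload could legitimately contain.
IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "ico": b"\x00\x00\x01\x00",
}
# Extensions mapped to the format their content should have.
EXT_FORMAT = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".ico": "ico"}

def sniff_format(data: bytes):
    """Return the image format matching the leading bytes, or None."""
    for name, magic in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def audit_icon_dir(root):
    """Return (relative path, reason) pairs for files that are not what they claim."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            actual = sniff_format(fh.read(16))
        expected = EXT_FORMAT.get(path.suffix.lower())
        rel = path.relative_to(root).as_posix()
        if actual is None:
            findings.append((rel, "content is not an image"))
        elif expected is None:
            findings.append((rel, "image content under non-image extension"))
        elif expected != actual:
            findings.append((rel, f"extension says {expected}, content is {actual}"))
    return findings

def build_sample_dir():
    """Constructed sample data: two genuine icons and two mismatched files."""
    root = Path(tempfile.mkdtemp(prefix="icon_audit_"))
    (root / "logo.png").write_bytes(IMAGE_MAGIC["png"] + b"\x00" * 32)
    (root / "favicon.ico").write_bytes(IMAGE_MAGIC["ico"] + b"\x00" * 32)
    (root / "brand.png").write_bytes(b"PK\x03\x04" + b"\x00" * 32)  # archive named .png
    (root / "banner.gif").write_bytes(IMAGE_MAGIC["png"] + b"\x00" * 32)
    return root

if __name__ == "__main__":
    for rel, reason in audit_icon_dir(build_sample_dir()):
        print(f"{rel}: {reason}")
```

A match on magic bytes only shows that a file starts like an image, so treat a clean result as one signal alongside the hardening and firewall review the advisory calls for.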