Chinese government-linked hackers recently targeted U.S. internet service providers (ISPs) using a previously unknown vulnerability in Versa Director software, according to cybersecurity firm Lumen’s Black Lotus Lab. Versa Networks, the software maker, was unaware of the zero-day flaw, making it an attractive target for hackers. The hackers, known as Volt Typhoon, are believed to be working for the Chinese government and have a history of targeting critical infrastructure. They aim to cause “real-world harm” in the event of a future conflict with the United States. The hackers’ main goal was to steal and use credentials on downstream customers of compromised corporate victims. By targeting Versa servers, the hackers could gain access to other networks connected to the vulnerable servers. The victims of this hacking campaign included ISPs, MSPs, and an IT provider in the United States, as well as an ISP in India. Versa Networks has since patched the zero-day vulnerability after being alerted by Black Lotus Labs. The U.S. cybersecurity agency CISA has also been informed of the vulnerability and added it to its list of known exploited vulnerabilities. These types of vulnerabilities pose significant risks to the federal enterprise and other organizations.