Campaign · all campaigns
Versa Director Zero Day ExploitationC0039 state
🇨🇳 CN · PLA
aka Versa Director Zero Day Exploitation
Run by Volt Typhoon
Last updated: 2026-07-03
About this actor
[Versa Director Zero Day Exploitation](https://attack.mitre.org/campaigns/C0039) was conducted by [Volt Typhoon](https://attack.mitre.org/groups/G1017) from early June through August 2024 as zero-day exploitation of Versa Director servers controlling software-defined wide area network (SD-WAN) applications. Since tracked as CVE-2024-39717, exploitation focused on credential capture from compromised Versa Director servers at managed service providers (MSPs) and internet service providers (ISPs) to enable follow-on access to service provider clients. [Versa Director Zero Day Exploitation](https://attack.mitre.org/campaigns/C0039) was followed by the delivery of the [VersaMem](https://attack.mitre.org/software/S1154) web shell for both credential theft and follow-on code execution.(Citation: Lumen Versa 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 8 / 13 | 62% |
SI-4 | 8 / 13 | 62% |
CM-2 | 7 / 13 | 54% |
AC-4 | 6 / 13 | 46% |
CA-7 | 6 / 13 | 46% |
CM-7 | 6 / 13 | 46% |
SC-7 | 6 / 13 | 46% |
SI-3 | 6 / 13 | 46% |
AC-3 | 4 / 13 | 31% |
SC-23 | 4 / 13 | 31% |
AC-2 | 3 / 13 | 23% |
AC-5 | 3 / 13 | 23% |
AC-6 | 3 / 13 | 23% |
RA-5 | 3 / 13 | 23% |
SC-16 | 3 / 13 | 23% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- FrostyGoop Incident 0.25
- Indian Critical Infrastructure Intrusions 0.25
- RedEcho 0.24
- Outer Space 0.23
- C0021 0.18
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00