This advisory is archived
Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.
- Advisory ID: CV_2023_05_1
- Title: Volt Typhoon Advisory
- Severity: CRITICAL
- Issued: 2023-05-26
- Updated: 2023-05-26
- CVSS Score Range: 9.0 - 10.0
- Additional Links:
Impacted Products
With the recent announcement of the Volt Typhoon cyber campaign, our team has conducted a thorough security assessment of Commvault and Commvault Cloud services and have found no impact to the security, privacy, or integrity of your data backups.
Resolution
We also recommend you to check your Commvault and Commvault Cloud environment to ensure security controls such as the following are active:
- MFA is properly configured and up to date
- Dual authorization workflows are in place for backup and restore operations
- Compliance locks are enabled for services, apps, and backup destinations
- Additionally, for customers looking for an extra layer of protection, we encourage you to evaluate ThreatWise, capable of surfacing zero-day and unknown threats in production environments.