
Microsoft says Chinese hackers used a SolarWinds exploit to carry out attacks



SolarWinds’ vulnerabilities are still being targeted by foreign hackers months after the US information technology company suffered a major cyber attack. On Tuesday, Microsoft said a group operating out of China used a zero-day remote code execution vulnerability to attack SolarWinds software. If successfully exploited, the flaw in the IT company’s Serv-U software allows hackers to perform actions such as installing and running malicious payloads or viewing and modifying data, Microsoft noted in a blog post.

As part of the investigation, Microsoft said it had observed the hacking group targeting organizations in the US military research and development and software sectors. The company has designated the actor as DEV-0322 with reference to its status as an unidentified “development group.”

Microsoft explained that it uses the label before it has gained high confidence in the origin or identity of a hacker. The group, which operates from China, uses commercial VPN solutions and compromised consumer routers to carry out its attacks, Microsoft said. Those affected have been notified and assisted in their response, the company noted.

SolarWinds confirmed over the weekend that it was notified by Microsoft about a security issue in the Serv-U software. The flaw was related to the product’s managed file transfer and secure FTP, which it has since patched.

SolarWinds became widely known in December after it was the subject of a supply chain cyber attack that affected 18,000 of its customers, including nine US authorities. In January, US intelligence released a joint statement calling Russia the most likely source of the hack. The month after, Reuters reported that suspected Chinese hackers had exploited a bug in SolarWinds’ software to help break into US government computers last year. The latest vulnerability is not related to the so-called Sunburst supply chain attack, SolarWinds said.
