SolarWinds’ vulnerabilities are still being targeted by foreign hackers months after the US information technology company suffered a major cyber attack. On Tuesday, Microsoft said a group operating out of China used a zero-day remote code execution vulnerability to attack SolarWinds software. If successfully exploited, the flaw in the IT company’s Serv-U software allows hackers to perform actions such as installing and running malicious payloads or viewing and modifying data, Microsoft noted in a blog post.
As part of the investigation, Microsoft said it had observed the hacking group targeting organizations in the US military research and development and software sectors. The company has designated the actor as DEV-0322 with reference to its status as an unidentified “development group.”
SolarWinds confirmed over the weekend that it was notified by Microsoft about a security issue in the Serv-U software. The flaw was related to the product’s managed file transfer and secured FTP, and the company has since patched it.
SolarWinds became known in December after it was the subject of a supply chain cyber attack that affected 18,000 of its customers, including nine US authorities. In January, US intelligence released a joint statement calling Russia the most likely source of the hack. The month after, Reuters reported that suspected Chinese hackers had exploited a bug in SolarWinds’ software to help break into US government computers last year. The latest vulnerability is not related to the so-called Sunburst supply chain attack, SolarWinds said.