Security News > 2021 > July > Chinese hackers use new SolarWinds zero-day in targeted attacks
China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.
Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as 'DEV-0322.'.
Microsoft says the DEV-0322 hacking group has previously targeted entities in the US Defense Industrial Base Sector and software companies.
Microsoft says they first learned of the attacks after Microsoft 365 Defender telemetry showed a normally harmless Serv-U process spawning anomalous malicious processes.
Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.
News URL
Related news
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)