Chinese hackers use new SolarWinds zero-day in targeted attacks (Security News, July 2021)
China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allows remote code execution when SSH is enabled.
Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as 'DEV-0322'.
Microsoft says the DEV-0322 hacking group has previously targeted entities in the US Defense Industrial Base Sector and software companies.
Microsoft says it first learned of the attacks after Microsoft 365 Defender telemetry showed a normally harmless Serv-U process spawning anomalous malicious processes.
Microsoft says Serv-U users can check whether their devices were compromised by reviewing the Serv-U DebugSocketLog.
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Hackers deploy AI-written malware in targeted attacks
- Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks
- Rackspace monitoring data stolen in ScienceLogic zero-day attack
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure
- Qualcomm patches high-severity zero-day exploited in attacks
- Ivanti warns of three more CSA zero-days exploited in attacks
- Mozilla fixes Firefox zero-day actively exploited in attacks