Security News > 2021 > July > Chinese hackers use new SolarWinds zero-day in targeted attacks
China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.
Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as 'DEV-0322.'.
Microsoft says the DEV-0322 hacking group has previously targeted entities in the US Defense Industrial Base Sector and software companies.
Microsoft says they first learned of the attacks after Microsoft 365 Defender telemetry showed a normally harmless Serv-U process spawning anomalous malicious processes.
Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.
News URL
Related news
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)