Chinese hackers use new SolarWinds zero-day in targeted attacks (Security News, July 2021)
China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allows remote code execution when SSH is enabled.
Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as 'DEV-0322'.
Microsoft says the DEV-0322 hacking group has previously targeted entities in the US Defense Industrial Base Sector and software companies.
Microsoft says they first learned of the attacks after Microsoft 365 Defender telemetry showed a normally harmless Serv-U process spawning anomalous malicious processes.
Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.