Hackers use new SolarWinds zero-day to target US Defense orgs
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allows remote code execution when SSH is enabled.
The threat group, which Microsoft refers to as DEV-0322, targets publicly exposed Serv-U FTP servers belonging to entities in the US Defense Industrial Base Sector and software companies.
"We observed DEV-0322 piping the output of their cmd.exe commands to files in the Serv-U ClientCommon folder, which is accessible from the internet by default, so that the attackers could retrieve the results of the commands," Microsoft explains in their blog post.
Microsoft says Serv-U users can determine whether their devices were compromised by reviewing the Serv-U DebugSocketLog.
A "C0000005; CSUSSHSocket::ProcessReceive" exception could indicate that the threat actors attempted to exploit the Serv-U server, but the exception could be shown for other reasons as well.
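The DebugSocketLog check described above, sketched as an added example (not code from the article, Microsoft or SolarWinds): it lists the lines carrying the exception string and reports them as leads to review, since the exception can appear for other reasons. The sample log lines, the tolerance for spacing and an optional "()", and the function names are assumptions; the real log layout may differ.

```python
import re
import sys

# Indicator string quoted in the article. Tolerating extra whitespace and an
# optional "()" after the method name is an assumption, not a documented format.
INDICATOR = re.compile(
    r"C0000005\s*;\s*CSUSSHSocket::ProcessReceive(?:\(\))?", re.IGNORECASE
)

# Constructed sample lines for demonstration only; not taken from a real server.
SAMPLE_LOG = """\
[constructed] 07/10/2021 02:14:07 SSH session opened from 203.0.113.45
[constructed] 07/10/2021 02:14:09 EXCEPTION: C0000005; CSUSSHSocket::ProcessReceive()
[constructed] 07/10/2021 02:15:31 SSH session closed
[constructed] 07/11/2021 11:02:54 EXCEPTION: C0000005;  CSUSSHSocket::ProcessReceive
[constructed] 07/11/2021 11:03:10 EXCEPTION: C0000005; CSomethingElse::Run
"""


def find_hits(lines):
    """Return (line_number, text) for every line containing the indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if INDICATOR.search(line):
            hits.append((number, line.strip()))
    return hits


def triage(lines):
    """Classify a log: a hit is a lead to investigate, not proof of compromise."""
    hits = find_hits(lines)
    # "no-indicator" only means the string was absent from the lines examined.
    status = "review" if hits else "no-indicator"
    return {"status": status, "hits": hits}


def scan_file(path):
    """Scan a log file on disk; undecodable bytes are replaced, not fatal."""
    with open(path, "r", errors="replace") as handle:
        return triage(handle)


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise run on the constructed sample.
    result = scan_file(sys.argv[1]) if len(sys.argv) > 1 else triage(SAMPLE_LOG.splitlines())
    print(result["status"])
    for number, text in result["hits"]:
        print(f"{number}: {text}")
```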