Security News > 2021 > July > Hackers used SolarWinds zero-day bug to target US Defense orgs

Hackers used SolarWinds zero-day bug to target US Defense orgs
2021-07-13 23:54

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.

Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.

This threat group targets publicly exposed Serv-U FTP servers belonging to entities in the US Defense Industrial Base Sector and software companies.

"We observed DEV-0322 piping the output of their cmd.exe commands to files in the Serv-U ClientCommon folder, which is accessible from the internet by default, so that the attackers could retrieve the results of the commands," Microsoft explains in their blog post.

Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.

A "C0000005; CSUSSHSocket::ProcessReceive" exception could indicate that the threat actors attempted to exploit the Serv-U server, but the exception could be shown for other reasons as well.


News URL

https://www.bleepingcomputer.com/news/microsoft/hackers-used-solarwinds-zero-day-bug-to-target-us-defense-orgs/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215