Security News > 2021 > July > Hackers used SolarWinds zero-day bug to target US Defense orgs
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.
This threat group targets publicly exposed Serv-U FTP servers belonging to entities in the US Defense Industrial Base Sector and software companies.
"We observed DEV-0322 piping the output of their cmd.exe commands to files in the Serv-U ClientCommon folder, which is accessible from the internet by default, so that the attackers could retrieve the results of the commands," Microsoft explains in their blog post.
Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.
A "C0000005; CSUSSHSocket::ProcessReceive" exception could indicate that the threat actors attempted to exploit the Serv-U server, but the exception could be shown for other reasons as well.
News URL
Related news
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Treasury hackers also breached US foreign investments review office (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- Hackers game out infowar against China with the US Navy (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (source)
- Subaru Starlink flaw let hackers hijack cars in US and Canada (source)
- US freezes foreign aid, halting cybersecurity defense and policy funds for allies (source)