Security News > 2021 > July > Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
2021-07-14 10:24

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322.".

While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "Unaware of the identity of the potentially affected customers."

Attributing the intrusions with high confidence to DEV-0322 based on observed victimology, tactics, and procedures, Microsoft Threat Intelligence Center said the adversary singled out entities in the U.S. Defense Industrial Base Sector and software companies.

"This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure," according to MSTIC, which discovered the zero-day after it detected as many as six anomalous malicious processes being spawned from the main Serv-U process, suggesting a compromise.

The development also marks the second time a China-based hacking group has exploited vulnerabilities in SolarWinds software as a fertile field for targeted attacks against corporate networks.

Additional indicators of compromise associated with the attack can be accessed from SolarWinds' revised advisory here.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/knCtlhZLho0/chinese-hackers-exploit-latest.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265