Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks (Security News, July 2021)
Microsoft on Tuesday disclosed that the latest string of attacks targeting the SolarWinds Serv-U managed file transfer service with a now-patched remote code execution exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322".
While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "Unaware of the identity of the potentially affected customers."
Attributing the intrusions with high confidence to DEV-0322 based on observed victimology, tactics, and procedures, Microsoft Threat Intelligence Center said the adversary singled out entities in the U.S. Defense Industrial Base Sector and software companies.
"This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure," according to MSTIC, which discovered the zero-day after it detected as many as six anomalous malicious processes being spawned from the main Serv-U process, suggesting a compromise.
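The detection signal MSTIC describes, anomalous processes spawned by the main Serv-U service process, is straightforward to hunt for in endpoint telemetry. The following is an added illustration, not Microsoft's or SolarWinds' code: it assumes Sysmon-style process-creation records as JSON lines with `UtcTime`, `Computer`, `ParentImage`, `Image` and `CommandLine` fields, and assumes the service binary is named `Serv-U.exe`; the allowlist, the suspicious-child list and the sample log are constructed for the example and would need tuning per environment.

```python
"""Hunt for unexpected child processes of the Serv-U service process.

Added example (not code from Microsoft or SolarWinds). Assumes Sysmon-style
process-creation events and that the service binary is named Serv-U.exe.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed binary name of the file-transfer service (hypothetical; adjust as needed).
SERVU_BASENAME = "serv-u.exe"

# Children a file-transfer service may legitimately spawn (assumption; tune per host).
EXPECTED_CHILDREN = {"conhost.exe"}

# Interpreters and discovery tools that are rarely legitimate children of a network service.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "whoami.exe", "net.exe",
    "rundll32.exe", "mshta.exe", "certutil.exe",
}


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a severity for a child of Serv-U, or None if the event is not of interest."""
    if _basename(event.get("ParentImage", "")) != SERVU_BASENAME:
        return None
    child = _basename(event.get("Image", ""))
    if child in EXPECTED_CHILDREN:
        return None
    if child in SUSPICIOUS_CHILDREN:
        return "high"
    # Anything else spawned by the service is still unusual and worth a look.
    return "medium"


Finding = Tuple[str, str, str, str]  # (UtcTime, Computer, child basename, severity)


def find_anomalies(events: Iterable[Dict[str, str]]) -> List[Finding]:
    """Collect every anomalous Serv-U child process across the given events."""
    findings: List[Finding] = []
    for event in events:
        severity = classify(event)
        if severity is not None:
            findings.append((event["UtcTime"], event["Computer"],
                             _basename(event["Image"]), severity))
    return findings


def hosts_over_threshold(findings: List[Finding], threshold: int = 3) -> Dict[str, int]:
    """Hosts whose count of anomalous children reaches the threshold (several in a row
    is a much stronger signal than a single odd child)."""
    counts = Counter(host for _, host, _, _ in findings)
    return {host: n for host, n in counts.items() if n >= threshold}


def parse_jsonl(text: str) -> List[Dict[str, str]]:
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample telemetry (not real data). Backslashes are JSON-escaped.
SAMPLE_LOG = r"""
{"UtcTime": "2021-07-13 02:10:01", "Computer": "FT-SRV01", "ParentImage": "C:\\Program Files\\Serv-U\\Serv-U.exe", "Image": "C:\\Windows\\System32\\conhost.exe", "CommandLine": "conhost.exe 0x4"}
{"UtcTime": "2021-07-13 02:10:05", "Computer": "FT-SRV01", "ParentImage": "C:\\Program Files\\Serv-U\\Serv-U.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"UtcTime": "2021-07-13 02:10:09", "Computer": "FT-SRV01", "ParentImage": "C:\\Program Files\\Serv-U\\Serv-U.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden"}
{"UtcTime": "2021-07-13 02:11:00", "Computer": "WS-044", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"UtcTime": "2021-07-13 02:12:30", "Computer": "FT-SRV01", "ParentImage": "C:\\Program Files\\Serv-U\\Serv-U.exe", "Image": "C:\\Users\\Public\\updater.exe", "CommandLine": "updater.exe"}
{"UtcTime": "2021-07-13 02:15:12", "Computer": "FT-SRV02", "ParentImage": "C:\\Program Files\\Serv-U\\Serv-U.exe", "Image": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami.exe"}
"""


if __name__ == "__main__":
    results = find_anomalies(parse_jsonl(SAMPLE_LOG))
    for when, host, child, severity in results:
        print(f"{when} {host} {child} [{severity}]")
    print("hosts with clustered anomalies:", hosts_over_threshold(results))
```

The explorer.exe-spawned cmd.exe on WS-044 is ignored because only the Serv-U parent is in scope, and conhost.exe is allowlisted, so four findings remain; FT-SRV01 alone crosses the clustering threshold, which is the pattern (several anomalous children from one service process) that MSTIC used to spot the compromise.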
The development also marks the second time a China-based hacking group has exploited vulnerabilities in SolarWinds software as a fertile field for targeted attacks against corporate networks.
Additional indicators of compromise associated with the attack are listed in SolarWinds' revised advisory.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/knCtlhZLho0/chinese-hackers-exploit-latest.html