
Microsoft names Chinese group as source of new attack on SolarWinds
2021-07-14 03:44

Microsoft has attributed a new attack on SolarWinds to a group operating in China.

The software giant posted details of the attack on Tuesday. SolarWinds had patched the flaw on Monday, describing it as a Return Oriented Programming (ROP) vulnerability in its Serv-U managed file transfer product that allows an attacker to run arbitrary code with privileges, install programs, and alter data on compromised hosts.

SolarWinds issued the patch promptly, but both it and Microsoft urged customers to apply it swiftly because an actor actively exploiting the flaw had already been identified.

Microsoft's write-up of the actor said: "This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure."

Attributing the attack to an actor in China is also notable because the USA and China have a 2015 bilateral agreement (the so-called No-Hack Pact) under which neither government will conduct, or knowingly support, intrusions to steal intellectual property for commercial advantage.

Microsoft says its Microsoft 365 Defender product now detects the attack, but it still urged customers to apply SolarWinds' patch without delay.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/14/dev_0322_solarwinds_serv_u_zero_day/
