Solar Winds cyber-attack was operated by Chinese hackers: MSTIC

0

Microsoft has revealed that a new SolarWinds cyber-attack was operated by a group of hackers from China.

A Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit, being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks.

“MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company said in an update on Wednesday.

The zero-day attack was first spotted in a routine Microsoft 365 Defender scan.

“The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version,” Microsoft advised.

SolarWinds said it was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and has developed a hotfix to resolve this vulnerability.

“While Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilised to address it quickly,” the company said in an update.

SolarWinds faced another cyber-attack in December 2020 that exposed hundreds of government agencies and businesses, that was later connected to a Russian state-affiliated group of hackers.

The US government has also attributed the SunBurst attack that targeted SolarWinds and other technology vendors to Russia.

 

(IANS)

Leave A Reply

Your email address will not be published.