SolarWinds vulnerabilities continue to be targeted by foreign hackers months after the US information technology company suffered a widespread cyberattack. On Tuesday, Microsoft said a group operating from China was using a zero-day remote code execution vulnerability to attack SolarWinds software. If successfully exploited, the flaw in SolarWinds' Serv-U software allows hackers to perform actions such as installing and running malicious payloads or viewing and modifying data, Microsoft noted in a blog post.
As part of its investigation, Microsoft said it observed the hacking group targeting organizations in the U.S. military and software research and development industries. The company designated the actor as DEV-0322 in reference to its status as an unidentified “development group”. Microsoft has explained that it uses the tag before reaching a high level of confidence in the origin or identity of a hacker. The China-based group is using commercial VPN solutions and compromised consumer routers to carry out its attacks, Microsoft said. Those affected have been informed and assisted in their response, the company noted.
SolarWinds confirmed over the weekend that it was informed by Microsoft of a security vulnerability in its Serv-U software. The flaw was related to the product’s managed file transfer and secure FTP, which it has since patched.
SolarWinds gained notoriety overnight in December after being the subject of a supply chain cyberattack that reached 18,000 of its clients, including nine US government agencies. U.S. intelligence issued a joint statement in January naming Russia as the most likely source of the hack. The next month, Reuters reported that suspected Chinese hackers exploited a separate flaw in SolarWinds software to help break into U.S. government computers last year. The latest vulnerability is unrelated to the so-called Sunburst supply chain attack, SolarWinds said.