When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft issues advisory about new SolarWinds cyberattack

Neowin · with 2 comments

Our readers may recall that SolarWinds, VMWare, and Microsoft were targeted in a supply chain attack late last year. The scale of the cyberattack spanned across the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Attackers were even able to access private emails and documents of some companies. Now, Microsoft has published an advisory about yet another 0-day exploit targeting SolarWinds software.

A metaphor showing a person using tweezers to pick up a password from in between binary characters

This time, attackers are utilizing a remote code execution exploit on SolarWinds' Serv-U Managed File Transfer and Secured FTP software in the U.S. Microsoft says that it detected the attack and privately reported it to SolarWinds. The firm then deployed a hotfix to patch the issue last week. The exploit allows attackers to use Serv-U's SSH endpoint exposed to the internet to deploy malicious payloads, execute code remotely, and also read and edit data that they get access to.

Based on attack patterns and strategies, Microsoft believes that the cyberattack is being orchestrated by a relatively obscure Chinese group currently dubbed "DEV-0322". Their malicious attempts currently target software firms and the U.S. Defense Industrial Base Sector.

Microsoft says that it discovered exploitation activity during its routine reviews of Microsoft Defender 365 telemetry. The Microsoft Threat Intelligence Center (MSTIC) then joined forces with the Microsoft Offensive Security Research team, which performed a full-fledged investigation of the root cause of the vulnerability. This was then privately reported to SolarWinds who built and deployed a patch while Microsoft's teams worked to inform affected customers and develop safeguards to crack down on this malicious activity.

If you use the affected SolarWinds software, it is recommended that you view Microsoft's detailed guidance about Indicators of Compromise (IoCs) and attack signatures here, utilize Microsoft 365 Defender, and visit SolarWinds website here for information about upgrade paths to deploy the hotfix.

Report a problem with article
Rear view of the EVGA X570S DARK motherboard
Next Article

EVGA X570S DARK AMD motherboard performing magnificently in alleged early testing

girl reading from a kindle kids edition
Previous Article

Amazon has slashed 36% off the Kindle Kids Edition in today's deals

Join the conversation!

Login or Sign Up to read and post a comment.

2 Comments - Add comment