The American company SolarWinds, which sells monitoring and IT management tools to large enterprises and to the US government, announced on Tuesday (13) that it had released a security update fixing a zero-day vulnerability in its Serv-U Managed File Transfer and Serv-U Secured FTP servers, products used to exchange files between computers. The flaw sits in Serv-U's SSH component, so a server is exposed only when SSH (SFTP) remote access is enabled; installations with SSH turned off are not affected.
The patch followed Microsoft's disclosure that a group of hackers, believed to be operating from China, was exploiting the Serv-U bug to break into software companies and organisations in the US defense industrial base.
Microsoft shared a proof of concept (PoC) with SolarWinds on Monday night showing how the vulnerability was being exploited. An attacker who succeeds can run arbitrary code with privileges on the Serv-U host: install programs, and view, change or delete data. SolarWinds has not said how many customers were affected.
Who are the hackers who are exploiting the SolarWinds flaw?
Microsoft became aware of the attacks when Microsoft 365 Defender telemetry showed the Serv-U process, which is legitimate in itself, spawning child processes it should never launch. That parent-child anomaly is the detection signal: a file-transfer daemon has no reason to start a command shell or a reconnaissance utility. Microsoft's experts assess that the group responsible is most likely based in China and track it under the code name “DEV-0322”.
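The parent-child anomaly described above is the kind of signal a defender can hunt for in process-creation telemetry. The following Python is an added illustrative example, not Microsoft's or SolarWinds' code: it scans constructed process-creation records (in the style of Sysmon Event ID 1 fields) and flags any child of Serv-U.exe whose image is on a list of programs a file-transfer daemon should not launch. The list of suspicious images, the Serv-U install path and the sample events are all assumptions made for the example.

```python
"""Flag child processes spawned by Serv-U that it has no business launching.

Added illustrative example, not Microsoft's or SolarWinds' code. The
records below are constructed in the style of a process-creation event
(Sysmon Event ID 1 / Windows 4688 fields) and are not real telemetry.
"""
import ntpath

# Process images a file-transfer daemon should never launch directly.
# This list is an assumption for the example; tune it to your environment.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "whoami.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "net.exe", "net1.exe",
}

# Image name of the Serv-U service process (compared case-insensitively).
SERVU_IMAGE = "serv-u.exe"


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows path, usable on any host OS."""
    return ntpath.basename(path).lower()


def find_suspicious_servu_children(events):
    """Return the events whose parent is Serv-U and whose child image is on
    the suspicious list. Each event is a dict with Image, ParentImage,
    CommandLine and ProcessId keys."""
    hits = []
    for ev in events:
        parent = _basename(ev.get("ParentImage", ""))
        child = _basename(ev.get("Image", ""))
        if parent == SERVU_IMAGE and child in SUSPICIOUS_CHILDREN:
            hits.append(ev)
    return hits


def summarize(events):
    """(pid, child image, command line) for every flagged event."""
    return [
        (ev["ProcessId"], _basename(ev["Image"]), ev["CommandLine"])
        for ev in find_suspicious_servu_children(events)
    ]


# Constructed sample events (not real telemetry). The install path is the
# assumed default location of Serv-U; adjust it for your deployment.
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\ProgramData\RhinoSoft\Serv-U\Serv-U.exe",
     "CommandLine": r"cmd.exe /c whoami"},
    {"ProcessId": 4188,  # benign: conhost is a normal child of cmd, not of Serv-U
     "Image": r"C:\Windows\System32\conhost.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"\??\C:\Windows\system32\conhost.exe 0x4"},
    {"ProcessId": 5002,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\ProgramData\RhinoSoft\Serv-U\SERV-U.EXE",
     "CommandLine": r"powershell -nop -w hidden -enc SQBFAFgA"},
    {"ProcessId": 6100,  # benign: unrelated interactive process
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe"},
]


if __name__ == "__main__":
    for pid, image, cmd in summarize(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} Serv-U spawned {image}: {cmd}")
```

The check keys on the parent-child relationship rather than on any exploit artefact, so it keeps working if the attacker changes payloads; the cost is that a legitimate administrator script launched from Serv-U would also be flagged, which is why the suspicious-image list should be tuned per environment.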
In a post on the Microsoft Threat Intelligence Center (MSTIC) blog, Microsoft's analysts explained that the group “was observed using commercial VPN solutions and compromised consumer routers in their attack infrastructure.”
Details of the intrusions are in the MSTIC write-up on the Microsoft blog. It is also worth remembering that SolarWinds was at the centre of another serious cyber attack recently: the supply-chain compromise of its Orion platform (SUNBURST), disclosed in December 2020, which is a separate issue from the Serv-U flaw.