San Francisco: Microsoft has revealed that a new SolarWinds cyber-attack was operated by a group of hackers from China.
A Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit, being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks.
“MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company said in an update on Wednesday.
The zero-day attack was first spotted in a routine Microsoft 365 Defender scan.
“The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version,” Microsoft advised.
SolarWinds said it was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and has developed a hotfix to resolve this vulnerability.
“While Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilised to address it quickly,” the company said in an update.
SolarWinds faced another cyber-attack in December 2020 that exposed hundreds of government agencies and businesses, that was later connected to a Russian state-affiliated group of hackers.
The US government has also attributed the SunBurst attack that targeted SolarWinds and other technology vendors to Russia.