Chinese Hackers Exploit New SolarWinds Zero-Day in Targeted Attacks

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Microsoft Threat Intelligence Centre (MSTIC) on Tuesday revealed a zero-day remote code execution exploit being used against SolarWinds Serv-U FTP software in limited and targeted attacks. Microsoft attributed the attacks to a China-based threat group tracked as ‘DEV-0322.’

“MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” Microsoft said in an update on Wednesday.

To carry out the attack, threat actors deployed malware in the Orion software sold by the IT management company SolarWinds. According to local media outlets, the hackers compromised at least 250 federal agencies and top organizations in the US.

Tracked as CVE-2021-35211, the RCE vulnerability resides in Serv-U’s implementation of the Secure Shell (SSH) protocol. While it was previously reported that the attacks were limited in scope, SolarWinds said it is unaware of the identity of the potentially affected customers.

“The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update

[…]