Microsoft brought the issue to SolarWinds’ attention, and the hotfix SolarWinds released patches a remote code execution (RCE) vulnerability in Serv-U’s implementation of the Secure Shell (SSH) protocol.
“Microsoft has detected a zero-day remote code execution exploit used to attack SolarWinds Serv-U FTP software in a limited and targeted attack. The Microsoft Threat Intelligence Center (MSTIC) has observed this campaign. Based on the victimology, tactics, and procedures that have been carried out, we have a high degree of confidence in our attribution to DEV-0322, a group operating in China,” Microsoft said in a blog post.
The MSTIC blog post states that the DEV-0322 threat group had previously targeted entities and software companies in the US defense industrial base sector, but it does not share details about the targets of the latest campaign.
Microsoft Defender flagged a malicious process spawned by Serv-U’s main application; that detection is what allowed MSTIC to discover the recent DEV-0322 campaign against SolarWinds.
This is not the first time a China-based threat actor has turned out to be exploiting a vulnerability in SolarWinds software. While unraveling last year’s large-scale cyber espionage campaign, which was blamed on Russian state-sponsored hackers, security researchers discovered a parallel hacking campaign.
Digging deeper, researchers found evidence that a China-based threat group known as Spiral had exploited a vulnerability in SolarWinds’ Orion software as a stepping stone to deploy a .NET web shell dubbed Supernova, alongside the widely reported supply chain attack.
According to Microsoft, the latest SolarWinds attack seems to come from China