San Francisco, July 15: Microsoft has revealed that a new cyber-attack on SolarWinds software was carried out by a group of hackers from China.
A Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit being used against SolarWinds Serv-U FTP software in limited and targeted attacks.
"MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures," the company said in an update on Wednesday.
The zero-day attack was first spotted in a routine Microsoft 365 Defender scan.
"The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version," Microsoft advised.
SolarWinds said it was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and has developed a hotfix to resolve this vulnerability.
"While Microsoft's research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilised to address it quickly," the company said in an update.
SolarWinds faced another cyber-attack in December 2020, which exposed hundreds of government agencies and businesses and was later connected to a Russian state-affiliated group of hackers.
The US government has also attributed the SunBurst attack that targeted SolarWinds and other technology vendors to Russia.
(The above story first appeared on LatestLY on Jul 15, 2021 11:55 AM IST.)