Microsoft Threat Intelligence Centre (MSTIC) on Tuesday revealed a zero-day remote code execution exploit, being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. Microsoft revealed that the attacks are linked to a China-based threat group tracked as 'DEV-0322.' “MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures," Microsoft said in an update on Wednesday.To carry out the attack, threat actors deployed malware in the Orion software sold by the IT management company SolarWinds. According to the local media outlets, the hackers exploited at least 250 federal agencies and top organizations in the US. Tracked as CVE-2021-35211, the RCE vulnerability resides in Serv-U's implementation of the Secure Shell (SSH) protocol. While it was previously revealed that the attacks were limited in scope, SolarWinds said it's unaware of the identity of the potentially affected customers. “The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version," Microsoft advised. On Tuesday, SolarWinds published a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled. According to SolarWinds, this flaw was disclosed by Microsoft, who saw a hacker actively exploiting it to execute commands on vulnerable customer's devices."This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure," says a new blog post by the Microsoft Threat Intelligence Center. According to Microsoft, the ‘DEV-0322’ hacking group has previously targeted entities in the US Defense Indust ..
Support the originator by clicking the read the rest link below.
