Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
Jul 14, 2021
Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary code with privileges, allowing them to perform actions like install and run malicious payloads or view and alter sensitive data. Tracked as CVE-2021-35211 , the RCE flaw resides in Serv-U's implementation of the Secure Shell (SSH) protocol. While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "unaware of the identity of the potentially affected customers." Attributing the intrusions with high confidence to DEV-0322 (short for "Development Group 0322") based on observed victimology, tactics, and procedures, Micr...