Microsoft attributes new SolarWinds attack to a Chinese hacker group
Microsoft’s Threat Intelligence Center (MSTIC) reported on Tuesday that SolarWinds software was attacked with a zero-day exploit by a group of hackers it calls “DEV-0322.” The hackers were focused on SolarWinds’ Serv-U FTP software, with the presumed goal of accessing the company’s clients in the US defense industry.
The zero-day attack was first spotted in a routine Microsoft 365 Defender scan. The software noticed an “anomalous malicious process” that Microsoft explains in more detail in its blog, but it seems the hackers were attempting to make themselves Serv-U administrators, among other suspicious activity.
SolarWinds reported the zero-day exploit on Friday, July 9th, explaining that all of the…