Active Stocks
Mon Mar 04 2024 15:59:52
  1. Tata Steel share price
  2. 153.10 -1.32%
  1. NTPC share price
  2. 353.80 3.50%
  1. Bharti Airtel share price
  2. 1,137.00 0.57%
  1. Larsen & Toubro share price
  2. 3,643.95 -0.28%
  1. Power Grid Corporation Of India share price
  2. 294.45 2.63%
Business News/ Technology / News/  Microsoft links new SolarWinds hacker group to China
BackBack

Microsoft links new SolarWinds hacker group to China

The tool was used by over 400 Fortune 500 companies. Some reports originally suspected the group to be of Russian origin at the time

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. (Photo: Reuters)Premium
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. (Photo: Reuters)

Tech giant Microsoft has attributed a new cyberattack on IT firm SolarWinds to a Chinese hacker group. The company’s Threat Intelligence Center (MSTIC) said the attacks were carried out by a group called “DEV-0322" who had a “presumed goal" of accessing clients of the United States’ defense industry.

“Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures," the company said in a blog post.

SolarWinds had also suffered a cyberattack in December last year, which was attributed to a Russian hacker group at the time. That hack may have compromised many government agencies and corporates.

MSTIC said it has also observed the hacker group targeting “entities in the US Defense Industrial Base Sector and software companies." It added, “This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure."

The threat intelligence group discovered the zero-day exploit during a “routine investigation" of Microsoft 365 Defender, its enterprise security software suite. SolarWinds had patched the vulnerabilities found by Microsoft on July 9, 2021. “The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system," the company said in its disclosure.

Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

Catch all the Technology News and Updates on Live Mint. Check all the latest action on Budget 2024 here. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
Published: 15 Jul 2021, 12:54 PM IST
Next Story footLogo
Recommended For You
Switch to the Mint app for fast and personalized news - Get App