SolarWinds 0-day gave Chinese hackers privileged access to customer servers

by Dan Goodin, from Ars Technica

Microsoft said on Tuesday that hackers operating in China exploited a zero-day vulnerability in a SolarWinds product. According to Microsoft, the hackers were, in all likelihood, targeting software companies and the US Defense industry.

SolarWinds disclosed the zero-day on Monday after receiving notification from Microsoft that it had discovered that a previously unknown vulnerability in the SolarWinds Serv-U product line was under active exploit. Austin, Texas-based SolarWinds provided no details about the threat actor behind the attacks or how their attack worked.

Commercial VPNs and compromised consumer routers

On Tuesday, Microsoft said it was designating the hacking group for now as "DEV-0322." "DEV" refers to a "development group" under study prior to when Microsoft researchers have a high confidence about the origin or identity of the actor behind an operation. The company said that the attackers are physically located in China and often rely on botnets made up of routers or other types of IoT devices.
