Microsoft suspects another country of hacker attacks on SolarWinds

According to Microsoft, a country other than Russia is behind the hacker attacks.

The American technology company Microsoft, more precisely its Microsoft Threat Intelligence Center (MSTIC) division, suspects Chinese hackers of a hacking attack on SolarWinds. Specifically, it names a hacker group called DEV-0322, which is said to have used a so-called "zero-day exploit". According to the company, the group focused on SolarWinds' FTP software, Serv-U, and is said to have misused it to gain access to US companies operating in the defense industry. The attack itself was noticed by the Microsoft 365 Defender antivirus program during a normal scan.

In addition to anomalous malicious activity, the antivirus software also detected an attacker's attempt to take over administrator rights in the Serv-U software. On June 9, SolarWinds reported that a bug in the program was being exploited, stating that the bug affected all versions released before May 5. The affected company has meanwhile released a patch for the affected versions of the Serv-U software. Microsoft also draws attention to the Secure Shell (SSH) protocol used in Serv-U, where there is a risk of misuse if it is exposed to the Internet.

The first attack is said to have been carried out in December 2020, with Chinese hackers from the DEV-0322 group said to be responsible for it. The Russian hacking group Cozy Bear is said to be responsible for the current one.

Source: TheVerge


Source: Technológie by pc.zoznam.sk.
