Microsoft attributes new SolarWinds attack to a Chinese hacker group
Illustration by Alex Castro / The Verge
Microsoft’s Threat Intelligence Center (MSTIC) reported on Tuesday that SolarWinds software was attacked with a zero-day exploit by a group of hackers it calls “DEV-0322.” The hackers were focused on SolarWinds’ Serv-U FTP software, with the presumed goal of accessing the company’s clients in the US defense industry.
The zero-day attack was first spotted in a routine Microsoft 365 Defender scan. The software noticed an “anomalous malicious process” that Microsoft explains in more detail in its blog, but it seems the hackers were attempting to make themselves Serv-U administrators, among other suspicious activity.
The Verge is an ambitious multimedia effort founded in 2011