Chinese hackers exploit new zero-day in SolarWinds software

By

Customers advised to review log files for signs of compromise.

Microsoft's Threat Intelligence Centre has found a new zero-day vulnerability in SolarWinds software, which is currently being exploited by a Chinese hacking group.

Chinese hackers exploit new zero-day in SolarWinds software

SolarWinds network monitoring software was in the headlines at the end of last year and throughout the first half of 2021 after a software update was compromised and used to hack around 18,000 customers worldwide, including US government agencies.

The present vulnerability involves the SolarWinds Serv-U file transfer protocol software and its implementation of the Secure Shell (SSH) encrypted transfer protocol.

"If Serv-U’s SSH is exposed to the internet, successful exploitation would give attackers [the] ability to remotely run arbitrary code with privileges, allowing them to perform actions like install and run malicious payloads, or view and change data," MSTIC said.

The bug is currently being exploited by a group MSTIC calls DEV-0322.

Microsoft said it has observed the threat actor running commands on compromised systems, and piping the output from them to the internet accessible \Client\Common folder in the SolarWinds Serv-U directory.

The threat actors have also added themselves as a Serv-U administrator on compromised systems.

SolarWinds has patched the vulnerability and customers are urged to update their Serv-U software as soon as possible.

It is possible to find traces of attacks in the Serv-U DebugSocketLog.txt log file, if exeception error messages appear in it.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?