Tech giant Microsoft has attributed a new set of attacks exploiting a zero-day flaw in SolarWinds software to a Chinese hacking group. The company’s Threat Intelligence Center (MSTIC) said the attacks were carried out by a group it tracks as DEV-0322 with the “alleged aim” of gaining access to US defense industry customers. This campaign is separate from the SolarWinds Orion supply-chain compromise uncovered last year.
“Microsoft has identified a 0-day remote code execution exploit that is used to target the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) ascribes this campaign with great confidence to DEV-0322, a group operating from China, based on observed victimology, tactics and procedures,” the company said in a blog post.
The earlier SolarWinds attack was discovered last year and is so named because the hackers compromised a popular network monitoring tool called Orion, made by the IT company SolarWinds, by planting a backdoor in its software updates. The tool was reportedly used by over 400 Fortune 500 companies at the time. That intrusion has been attributed to a Russian state-backed group, not to DEV-0322.
MSTIC said it had also observed the group targeting the infrastructure of “US defense industry base units and software companies”.
MSTIC discovered the zero-day exploit during a “routine investigation” of telemetry from Microsoft 365 Defender, its enterprise security software suite. SolarWinds patched the vulnerability found by Microsoft on July 9, 2021, with the release of Serv-U 15.2.3 HF2. The affected versions are Serv-U 15.2.3 HF1, released May 5, 2021, and all earlier versions. “An attacker who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change or delete data; or run programs on the affected system,” the company said in its disclosure.