China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.
Today, SolarWinds released a security update for
a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.
According to SolarWinds, this vulnerability was disclosed by Microsoft, who saw a threat actor actively exploiting it to execute commands on vulnerable customer's devices.
Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as 'DEV-0322.'
"This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure," says a new blog post by the Microsoft Threat Intelligence Center.