Microsoft is relentless about upgrading its software and security service. As expected, the MSTIC (Microsoft Threat Intelligence Center) revealed the latest discoveries related to the SolarWinds previous hack that believed the Russian’s are the prime and only suspect.
The MSTIC reportedly discovered a new group they called “DEV-0322” that attacked the cyber-security company, aiming to infiltrate and steal information from SolarWinds clients. It is worth noting that the cybersecurity company has several high profiled clients under its security network, especially the U.S. defense agency.
According to MSTIC, the perpetrators aimed at stealing SolarWinds software called “Serv-U FTP” — this software is presumed to boost the hacker tool to bypass the cyber-security company’s firewall and to access its high profiled clients records.
The DEV-0322 exploited a zero-day default the software company recently spotted during its routine cyber threat scan. The MSTIC used its custom Microsoft 365 Defender and detected anomalous malicious code that depicted the hackers attempted to register themselves as an administrator via Serv-U. Check Microsoft’s blog for more details about Serv-U and other malicious acts via the zero-day vulnerability.
SolarWinds recently published an in-depth analysis about Serv-U’s zero-day vulnerabilities that have been patched accordingly with its custom hotfix. A hotfix is an emerging software the cybersecurity company developed to address its cyberattack issue especially zero-day defaults.
In response to the SolarWinds report, Microsoft consented about likely zero-day vulnerabilities attached to Serv-U’s Secure Shell, SSH, a protocol that appears to be patched but not. The vulnerability of this software can permit bad actors to access future attacks if the SSH protocol connectivity is linked with the internet.
Techbooky suggests anyone running on the older Serv-U FTP server is advised to make immediate upgrades to patch up default. Else the traumatic stress SolarWinds experience at the initial hack is likely to iterate via these vulnerabilities.
Remember, SolarWinds was attacked toward the end of 2020 — at the time the Russian’s believed to orchestrate the attack but the newly discovered DEV-0322 depicts it’s an Asian-originated SolarWinds hack. The outcome exposed several government agencies and private business activities.
According to Microsoft, the DEV-0322 has habitually gone after government-affiliated entities and using VPN as a soluble means to cover their tracks while it discombobulates the SolarWinds router and tech infrastructure. Other hack groups like Cozy Bear have breached Microsoft’s and SolarWinds networks via the DEV-0322 hack tool.