Solarwinds exploit software#
Microsoft didn't say if DEV-0322 was targeting software companies, defense contractors, or other types of targets.īeyond the three attacker-affiliated servers already disclosed by SolarWinds, Microsoft provided three additional indicators that people can use to determine if they were hacked. “This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure.” “MSTIC has observed DEV-0322 targeting entities in the US Defense Industrial Base Sector and software companies,” researchers with the Microsoft Threat Intelligence Center wrote in a post. The company said that the attackers are physically located in China and often rely on botnets made up of routers or other types of IoT devices. On Tuesday, Microsoft said it was designating the hacking group for now as “DEV-0322.” “DEV” refers to a “development group” under study prior to when Microsoft researchers have a high confidence about the origin or identity of the actor behind an operation. Austin, Texas-based SolarWinds provided no details about the threat actor behind the attacks or how their attack worked.Ĭommercial VPNs and compromised consumer routers Further Reading Microsoft discovers critical SolarWinds zero-day under active attackSolarWinds disclosed the zero-day on Monday after receiving notification from Microsoft that it had discovered that a previously unknown vulnerability in the SolarWinds Serv-U product line was under active exploit.
0 kommentar(er)
