New Blog Post | Microsoft discovers threat actor targeting SolarWinds Serv-U software

%3CLINGO-SUB%20id%3D%22lingo-sub-2548939%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20Microsoft%20discovers%20threat%20actor%20targeting%20SolarWinds%20Serv-U%20software%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548939%22%20slang%3D%22en-US%22%3E%3CDIV%20id%3D%22tinyMceEditorJasonCohen1892_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Serv-U-console.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F295894iC566DF384C7319F3%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Serv-U-console.png%22%20alt%3D%22Serv-U-console.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2021%2F07%2F13%2Fmicrosoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20discovers%20threat%20actor%20targeting%20SolarWinds%20Serv-U%20software%20with%200-day%20exploit%20%7C%20Microsoft%20Security%20Blog%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EMicrosoft%20has%20detected%20a%200-day%20remote%20code%20execution%20exploit%20being%20used%20to%20attack%20SolarWinds%20Serv-U%20FTP%20software%20in%20limited%20and%20targeted%20attacks.%20The%20Microsoft%20Threat%20Intelligence%20Center%20(MSTIC)%20attributes%20this%20campaign%20with%20high%20confidence%20to%20DEV-0322%2C%20a%20group%20operating%20out%20of%20China%2C%20based%20on%20observed%20victimology%2C%20tactics%2C%20and%20procedures.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2548939%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EThreat%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft
 

Serv-U-console.png

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit | Microsoft...

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures.

0 Replies