Microsoft has revealed that the massive SolarWinds cyber attack was operated by a group of hackers from China.<\/p>\n
Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit, being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks.<\/p>\n
“MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company said in an update on Wednesday.<\/p>\n
To carry out the attack, hackers installed a malware in the Orion software sold by the IT management company SolarWinds. Reports suggested that the hackers compromised at least 250 federal agencies and top enterprises in the US.<\/p>\n
The zero-day attack was first spotted in a routine Microsoft 365 Defender scan.<\/p>\n
“The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version,” Microsoft advised.<\/p>\n
According to Microsoft, the hackers compromised ‘SolarWinds’ software allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.”<\/p>\n
The company said it had discovered its systems were infiltrated “beyond just the presence of malicious ‘SolarWinds’ code.”<\/p>\n
It may take several months for the US government to complete the investigation into the SolarWinds hack.<\/p>\n
Alarmed at repeated cyber-attacks on the country especially after at a key fuel pipeline, US President Joe Biden has signed an executive order, implementing new policies to improve national cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"
Microsoft has revealed that the massive SolarWinds cyber attack was operated by a group of hackers from China. Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit, being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. “MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company said in an update on Wednesday. To carry out the attack, hackers installed a malware in the Orion software sold by the IT management company SolarWinds. Reports suggested that the hackers compromised […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7],"tags":[],"class_list":["post-798748","post","type-post","status-publish","format-standard","hentry","category-it-2"],"acf":[],"_links":{"self":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/798748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/comments?post=798748"}],"version-history":[{"count":0,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/798748\/revisions"}],"wp:attachment":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/media?parent=798748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/categories?post=798748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/tags?post=798748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}