On Tuesday, a report had reported by the threat intelligence center of Microsoft. According to that report, by a group of hackers, the Software of solar wind was attacked having an exploit of a zero-day. They call this “DEV-0322”. The main focus of hackers was on the software of Solarwinds ‘Serv-U FTP software. The hackers had the main goal of controlling or accessing the clients of the country, in the industry of US defense. First of all, This attack of Zero-Day was spotted in a random routine checking of Defender of Microsoft Scan 365. In a random, they noticed an unwanted suspicious process. This process of hacking was explained by Microsoft in their blog. But when we see this, it looks like hackers were making themselves administrators of Serv-u and also have other unwanted activities.
ON, Friday, 9 July, SolarWinds gives some report about the exploit of Zero-day, according to that report, it explains that from 5th May and earlier, all the Serv-U releases have the Vulnerability. A hotfix was released by the company, for addressing the issue and the specialized has since been compromised. But if you look about the Microsoft Post, they had written, “If Ser-u’s Secure Shell protocol connected to the internet the hackers could automatically run arbitrary code having privileges and they allow them to carry out various activities like install and run malicious payloads or view and data changes also”. Microsoft also told everyone, if any one of the users still uses older Serv-u software they have to update this as soon as possible. In December 2020, the first hack of SolarWinds had come into the limelight, the hacking had exposed approx hundreds of agencies of government and business. This hack is completely different from the previous hack, now that is widely connected to a Russian state-affiliated hackers group. This hackers group is known as the Cozy Bear. A statement had said by Microsoft, according to them the origination of this Zero-day attack was from China. Microsoft said DEV-0322 has developed an attacking habit that is “entities in the US Defense Industrial Base sector”. Microsoft also write another statement, “DEV-0322 is well known for using Solutions of Commerical VPN and compromised routers of the consumer in their attack infrastructure”
So, after all this problem Microsoft told about that their massive Solarwinds cyber attack now controlled by the group of hackers and these group of hackers are from very famous country China.
This is the biggest nightmare of the Company Microsoft and the Company Microsoft also tells them they know where they are from and want to take the advantage of bad luck of the SolarWind. As mentioned earlier DEV-0322 hacked SolarWind, is not the group of hackers, But Microsoft company itself named this group of hackers ‘DEV-0322’. Microsoft found about these hackers and find about warm them, remember if tried to hack Solarwinds, Solarwinds has already with a hotfix for this above issue and told them if you are affected party then be aware to protect yourself.
