Microsoft pins recent SolarWinds zero-day attack on Chinese hacker group DEV-0322

Microsoft is confident it’s determined the right group to blame.


What you need to know

The most recent issue to beleaguer SolarWinds, now that the company’s biggest nightmare of the year is in the rearview mirror, is the vulnerability found in its Serv-U Managed File Transfer Server and Serv-U Secured FTP Server products. The vulnerability leaves room for an exploit that gives threat actors control over server data and allows program installations. Microsoft has stated it believes it knows the identity of those responsible for taking advantage of SolarWinds' misfortune.

Microsoft attributes the vulnerability exploitation to a group in China, referred to by Redmond as DEV-0322. That is not the name the group uses for itself, but rather, it is how Microsoft names it. This is the Microsoft Threat Intelligence Center’s (MSTIC) labeling process:

“MSTIC tracks and investigates a range of malicious cyber activities and operations. During the tracking and investigation phases prior to when MSTIC reaches high confidence about the origin or identity of the actor behind an operation, we refer to the unidentified threat actor as a “development group” or “DEV group” and assign each DEV group a unique number (DEV-####) for tracking purposes.”

As for DEV-0322’s operations outside of troubling SolarWinds, Microsoft notes it has seen the group go after those in the U.S. Defense Industrial Base Sector and software companies. DEV-0322 utilizes VPNs and hijacked consumer routers in its infrastructure.

Microsoft’s blog post on the Chinese group outlines the technical details of the SolarWinds product vulnerability and gives those interested in the specifics a better look at what’s going on. Remember that SolarWinds already has a hotfix out for the aforementioned issues, so if you’re an affected party, be sure to protect yourself.


Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.