2021-07-16



On Tuesday, Microsoft's Threat Intelligence Center published a report. According to the report, a group of hackers exploited a zero-day vulnerability in SolarWinds software. Microsoft tracks the group as "DEV-0322". The hackers' main target was SolarWinds' Serv-U FTP software, and their primary aim was to gain access to, or control over, organizations in the US defense industry. The zero-day attack was first discovered during routine Microsoft 365 Defender checks, when an unwanted and suspicious process was noticed. The intrusion is described on Microsoft's blog; from that account, it appears that the hackers made themselves administrators of Serv-U and carried out other unwanted activity as well.

On Friday, July 9th, SolarWinds published its own report on the zero-day abuse. According to that report, all Serv-U releases have been vulnerable since May 5th. The company released a fix to address the issue after the compromises were identified. As Microsoft's post puts it: "When Serv-U's Secure Shell protocol is connected to the Internet, hackers automatically execute arbitrary privileged code, such as installing or executing malicious payloads. You will be able to perform a variety of activities, including changing views and data." Microsoft also advised all users still running older Serv-U software to update it as soon as possible. The first SolarWinds hack came to light in December 2020, exposing hundreds of government agencies and businesses. That earlier hack is entirely separate from this one and is now widely attributed to a Russian state-backed hacker group known as Cozy Bear. For this zero-day attack, Microsoft has stated that the source is in China. Microsoft said DEV-0322 has developed a pattern of attacking "entities of the US defense industrial base sector," and added in a further statement: "DEV-0322 is well known for its use of commercial VPN solutions and compromised consumer routers in its attack infrastructure."

In short, Microsoft has attributed this latest SolarWinds attack to a hacking group operating out of China.

This is a serious headache for Microsoft, but it also knows where the attackers came from and has said they are looking to take advantage of SolarWinds' misfortune. As noted above, "DEV-0322" is not the group's own name; Microsoft assigned it when it identified the group and issued its warning. If you run Serv-U, note that SolarWinds has already released a fix for this issue; apply it to protect yourself if you are an affected party.

