The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have

SolarWinds says hackers used a zero-day flaw for 'targeted attacks' in a new breach

submited by
Style Pass
2021-07-14 04:00:06

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again.

SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.”

The breach appears to be unrelated to the data breach at SolarWinds uncovered last year, in which suspected state-sponsored Russian hackers exploited SolarWinds’ technology to gain access to an array of victims. By leveraging a seemingly legitimate software update the hacking group known as Cozy Bear allegedly accessed data from the U.S. departments of Treasury, Homeland Security, Justice and six others.

Leave a Comment