Threats

SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

Microsoft discovered the incident, alerting SolarWinds to the latest apparent breach.

July 12, 2021

The SolarWinds logo.

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again.

SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.”

The breach appears to be unrelated to the data breach at SolarWinds uncovered last year, in which suspected state-sponsored Russian hackers exploited SolarWinds’ technology to gain access to an array of victims. By leveraging a seemingly legitimate software update the hacking group known as Cozy Bear allegedly accessed data from the U.S. departments of Treasury, Homeland Security, Justice and six others.

The U.S. Securities and Exchange Commission reportedly is investigating whether American companies also affected by that hack failed to report their vulnerability.

In the months since the security vendor FireEye revealed the breach, SolarWinds’ CEO has testified in front of Congress and made a number of public appearances explaining the circumstances. While security personnel initially suggested that attackers first breached SolarWinds in September or October 2019, the firm “recently” learned that intruders may have had access to SolarWinds systems dating back to January 2019, said CEO Sudhakar Ramakrishna.

In its most recent disclosure, SolarWinds says it and Microsoft addressed the matter quickly, adding that it will release more details are victims are notified.

SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

More Like This

Senator urges Meta CEO to maintain election research partnerships

How satellites are pushing security innovation at Amazon

Biden administration nears completion of second cybersecurity executive order with plethora of agenda items

Top Stories

Legal barriers complicate justice for spyware victims

FBI flags false videos impersonating agency, claiming Democratic ballot fraud

More Scoops

SEC hits four companies with fines for misleading disclosures around SolarWinds hack

Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures

Lawmakers question Microsoft president over China ties, repeated breaches

As many as 165 companies ‘potentially exposed’ in Snowflake-related attacks, Mandiant says

CISA emergency directive tells agencies to fix credentials after Microsoft breach

SEC sues SolarWinds and CISO for fraud

Chinese hacking operation puts Microsoft in the crosshairs over security failures

Latest Podcasts

Trellix’s John Fokker on the latest cybercriminal snapshot

Special CyberTalks Edition with National Cyber Director Harry Coker

DomainTools’ Sean McNee on how China is watching the Russia-Ukraine conflict

ReversingLabs’ Saša Zdjelar on the ‘black box’ of commercial software

Government

Technology

Threats

Geopolitics