Technology

SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

Microsoft discovered the incident, alerting SolarWinds to the latest apparent breach.

July 12, 2021

The SolarWinds logo.

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again.

SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.”

The breach appears to be unrelated to the data breach at SolarWinds uncovered last year, in which suspected state-sponsored Russian hackers exploited SolarWinds’ technology to gain access to an array of victims. By leveraging a seemingly legitimate software update the hacking group known as Cozy Bear allegedly accessed data from the U.S. departments of Treasury, Homeland Security, Justice and six others.

The U.S. Securities and Exchange Commission reportedly is investigating whether American companies also affected by that hack failed to report their vulnerability.

In the months since the security vendor FireEye revealed the breach, SolarWinds’ CEO has testified in front of Congress and made a number of public appearances explaining the circumstances. While security personnel initially suggested that attackers first breached SolarWinds in September or October 2019, the firm “recently” learned that intruders may have had access to SolarWinds systems dating back to January 2019, said CEO Sudhakar Ramakrishna.

In its most recent disclosure, SolarWinds says it and Microsoft addressed the matter quickly, adding that it will release more details are victims are notified.

SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

More Like This

House hurtles toward showdown over expiring surveillance tools

Civil society groups press platforms to step up election integrity work

After a sleepy primary season, Russia enters 2024 U.S. election fray

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

FBI director warns of China’s preparations for disruptive infrastructure attacks

More Scoops

CISA emergency directive tells agencies to fix credentials after Microsoft breach

SEC sues SolarWinds and CISO for fraud

Chinese hacking operation puts Microsoft in the crosshairs over security failures

Hackers based in China nab email data from US government agencies

NSA says Chinese hackers are actively attacking flaw in widely used networking device

Federal court system suffered previously undisclosed breach, congressional committee says

SolarWinds hackers set up phony media outlets to trick targets

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics