SolarWinds Says Unknown Hackers Exploited Newly Discovered Software Flaw

SolarWinds software program agency says that unknown hackers exploited a beforehand unknown flaw in two of its programmes to go after “a limited, targeted set of customers.”

The statement, issued over the weekend, didn’t establish the hackers concerned.

In a question-and-answer web page appended to the assertion, SolarWinds mentioned the flaw was “completely unrelated” to final yr’s hack of presidency networks by alleged Russian spies, a sprawling espionage operation that used the Texas-based software program firm as a springboard to interrupt into goal networks.

The web page added that SolarWinds “is unaware of the identity of the potentially affected customers” caught up within the newest hacking marketing campaign.

SolarWinds credited Microsoft researchers for locating the bug. The firm mentioned, “SolarWinds was lately notified by Microsoft of a safety vulnerability associated to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft’s analysis signifies this vulnerability exploit entails a restricted, focused set of shoppers and a single menace actor, our joint groups have mobilised to deal with it rapidly.

“The vulnerability exists within the newest Serv-U model 15.2.3 HF1 launched May 5, 2021, and all prior variations. A menace actor who efficiently exploited this vulnerability may run arbitrary code with privileges. An attacker may then set up programmes; view, change, or delete information; or run programmes on the affected system.

SolarWinds didn’t instantly return a Reuters request in search of touch upon the announcement. Microsoft declined to remark.

© Thomson Reuters 2021