SolarWinds software program agency says that unknown hackers exploited a beforehand unknown flaw in two of its programmes to go after “a limited, targeted set of customers.”
The assertion, issued over the weekend, didn’t establish the hackers concerned.
In a question-and-answer web page appended to the assertion, SolarWinds mentioned the flaw was “completely unrelated” to final yr’s hack of presidency networks by alleged Russian spies, a sprawling espionage operation that used the Texas-based software program firm as a springboard to interrupt into goal networks.
The web page added that SolarWinds “is unaware of the identity of the potentially affected customers” caught up within the newest hacking marketing campaign.
SolarWinds credited Microsoft researchers for locating the bug. The firm mentioned, “SolarWinds was lately notified by Microsoft of a safety vulnerability associated to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft’s analysis signifies this vulnerability exploit includes a restricted, focused set of consumers and a single menace actor, our joint groups have mobilised to deal with it shortly.
“The vulnerability exists within the newest Serv-U model 15.2.3 HF1 launched May 5, 2021, and all prior variations. A menace actor who efficiently exploited this vulnerability might run arbitrary code with privileges. An attacker might then set up programmes; view, change, or delete knowledge; or run programmes on the affected system.
SolarWinds didn’t instantly return a Reuters request searching for touch upon the announcement. Microsoft declined to remark.
© Thomson Reuters 2021
(THIS STORY HAS NOT BEEN EDITED BY INDIA07 TEAM AND IS AUTO-GENERATED FROM A SYNDICATED FEED.)