Although months have passed since the SolarWinds attack, foreign hackers continue to exploit vulnerabilities in cyberattacks, and a Chinese group that has been attacking SolarWinds software has recently been named.
Microsoft says a hacker group in China has attacked SolarWinds software by remotely executing code through a zero-day vulnerability. If the attack was successful, the hackers were able to obtain permission to perform tasks such as installing and executing malicious code and viewing or modifying information.
Microsoft claims in its investigation that it found that the group targeted organizations related to the US military’s R&D departments. The Redmondians named the hacker group DEV-0322 and described its status as anonymous.
The software giant says it does not label hackers until it is sure of their origin or identity. The group, which operates using commercial platforms in China, has exploited users’ routers. Those affected by the attack have been notified and have received the necessary assistance.
SolarWinds confirmed a few days ago that Microsoft had informed it of the vulnerability in its Serv-U software. The vulnerability is related to the company's file transfer system and FTP, which have now received the necessary updates, and the problem has been fixed.
SolarWinds became widely known in December last year when its supply chain systems were attacked and 18,000 users, including US government agencies, were affected. The US intelligence service issued a statement in January stating that it considered Russia to be the main source of the attack.
A report later revealed that Chinese hackers had also used SolarWinds vulnerabilities to infiltrate the computers of US government agencies. However, SolarWinds has denied the link to the recent Sunburst attack.