SolarWinds: Unknown hackers exploited software flaw to go after 'targeted customers'

American software firm SolarWinds has said that a group of unknown hackers exploited a previously unknown flaw in two of its programs to go after “a limited, targeted set of customers.” The revelation was made in a statement that stopped short of identifying the hackers involved. It is imperative to note that the incident comes days after a group of Russian hackers attacked IT service provider Kaseya paralyzing thousands of its clients globally. 

Meanwhile, when asked about it, SolarWinds said that said the flaw was "completely unrelated" to last year's hack of government networks by alleged Russian spies, a sprawling espionage operation that used the Texas-based software company as a springboard to break into target networks. In the statement, the company also clarified that it was currently “unaware” of the identity of the “potentially affected customers” caught up in the latest hacking campaign. 

SolarWinds credited Microsoft researchers for finding the bug. “SolarWinds was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft's research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilized to address it quickly,’ the company elaborated. 

Kaseya attack

On July 2, the Miami-based IT and security provider was hit by a colossal cyberattack by a group of Russian hackers called ‘REvil’. The attack not only affected over 200 businesses across America but also hit over 800 grocery stores in Sweden, all of which were indirectly linked to Kaseya. US President Joe Biden ordered a probe into the attacks, particularly to find out if the hackers were affiliated with Russia. Additional reports suggest that POTUS recently raised the threat in talks with Russian counterpart Vladimir Putin.

FBI has commenced a full-fledged investigation into the matter joining Cybersecurity and Infrastructure Security Agency and US federal agencies “to understand the scope of threat”. In addendum, they have also issued a warning for affected parties asking them to impose all the required mitigation measures.

Image: mbaumi/Unsplash