SolarWinds, the Texas-based software company, has announced that anonymous hackers have breached a previously unknown defect in two of its programs to target “a limited, targeted set of customers.”
According to SolarWinds, the flaw was “completely unrelated” to last year’s hack of government networks by alleged Russian spies, a sprawling espionage operation that used the company as a springboard to break into target networks.
SolarWinds stated in a statement that it “is unsure of the identities of the possibly affected clients” as a result of the recent hacking attack.
“Microsoft recently notified us of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability,” said the company.
As Microsoft’s analysis suggests that the vulnerability exploit only affected a small number of customers and a single threat actor, SolarWinds joint teams have moved fast to resolve it.
The vulnerability is present in the most recent Serv-U version 15.2.3 HF1, which was released on May 5, this year, as well as in all previous versions. An attacker who has successfully exploited this flaw might execute arbitrary code with elevated privileges. On the affected system, an attacker might then install programs; view, change, or remove data or run programs.
Last month, Microsoft had announced that an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers, by a team it identified as responsible for earlier major breaches at SolarWinds.
The US government has publicly attributed the earlier attacks to the Russian government, which denied involvement. Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, as revealed by Microsoft.