Software company SolarWinds has revealed that attackers have exploited another vulnerability, this time in one of its products, just as the firm had begun to clean up its image after the last assault.
In late 2020, it was revealed that Russian state-backed hackers had broken into the company’s build infrastructure and inserted a backdoor, dubbed SUNBURST, into a software update for its Orion network-management platform. Because SolarWinds products are used by many other companies and organisations, that single compromise became a launchpad: roughly 18,000 customers downloaded the trojanised update, and a smaller subset of those, including major US tech companies and government agencies, were then singled out for follow-on intrusion. Wide-ranging intrusions based on one compromise of a trusted vendor are known as “supply chain attacks”.
The Russian hacking group, referred to as Cozy Bear or APT29 by threat-intelligence firms and as Nobelium by Microsoft, has been identified by American and British spooks as a cyber-espionage operation of the Russian foreign-intelligence service, the SVR.
Following the hack, SolarWinds enlisted PR crisis management firm Goldin Solutions to mitigate damage to its brand. Verdict, like other media organisations, has since received various testy communications from Goldin in a futile attempt to stop journalists referring to Cozy Bear/Nobelium/APT29/the SVR as the “SolarWinds hackers”. It would seem that managing the brand image of SolarWinds has now become even trickier.
SolarWinds issued a statement over the weekend saying that a “limited, targeted set of customers” could have been compromised by a “single threat actor” successfully exploiting a new, previously unknown (zero-day) vulnerability.
“SolarWinds was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and has developed a hotfix to resolve this vulnerability,” SolarWinds wrote.
“While Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilized to address it quickly.”
The new SolarWinds hack was “completely unrelated to the SUNBURST supply chain attack”, according to the company, which added that it did not know the identity of the attackers behind this new remote code execution exploit. Customers running the affected Serv-U products are advised to apply the hotfix.
Russia’s intelligence agencies have not been resting on their laurels since their earlier attack. In June, Microsoft warned that Nobelium, the SVR group behind the SolarWinds attack, had been conducting password-guessing attacks against Microsoft customers and had compromised a computer used by one of Microsoft’s own customer-support agents. Earlier this month, US and UK agencies warned that the GRU, Russia’s military intelligence agency, was conducting large-scale brute force attacks against company networks around the world.