

SolarWinds Worldwide LLC, the company targeted in a supply chain attack in December, has released a patch after a new vulnerability in its software was actively targeted by a hacking group.
The new vulnerability was discovered by Microsoft Corp. and relates to SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP. Researchers at Microsoft reached out to the company ahead of the details being disclosed, saying that the exploit involves a limited, targeted set of customers and a single threat actor.
The vulnerability is said to exist in the latest Serv-U release, version 15.2.3 HF1 released May 5, and in all prior versions, and only when SSH is enabled. According to a July 9 advisory from SolarWinds, a threat actor exploiting the vulnerability could run arbitrary code with privileges. Having gained access, an attacker could then install programs; view, change or delete data; or run programs on the affected system.
A patch, or “hotfix” in the words of SolarWinds, has been released to address the vulnerability. The company recommends customers using the affected software install the updates immediately.
That SolarWinds is being targeted again doesn’t come as a surprise given its well-documented history of software vulnerabilities. Who is targeting SolarWinds this time is unknown, although reference to a threat actor indicates that it may be an advanced persistent threat group. Many APT groups are either directly or indirectly linked to foreign governments.
Although Russia shared most of the blame for the SolarWinds attack in December, it was found that Chinese hacking groups were also exploiting the same vulnerabilities.
Unlike the ongoing REvil ransomware attacks, where the motivation has been financial, the motivation of groups targeting SolarWinds in the past has always been data theft and espionage.
SolarWinds’ customers include not only big businesses but also dozens of government agencies. Some of the known victims of the previous SolarWinds attack are believed to include the U.S. Energy Department and National Nuclear Security Administration, along with the Commerce and Treasury departments and Homeland Security.
One group linked to the original SolarWinds hack, the Russian group Nobelium, was targeting Microsoft customers in June and running a phishing campaign in May.