SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

Microsoft discovered the incident, alerting SolarWinds to the latest apparent breach.

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again.

SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.”

The breach appears to be unrelated to the data breach at SolarWinds uncovered last year, in which suspected state-sponsored Russian hackers exploited SolarWinds’ technology to gain access to an array of victims. By leveraging a seemingly legitimate software update, the hacking group known as Cozy Bear allegedly accessed data from the U.S. departments of Treasury, Homeland Security, Justice and six others.


The U.S. Securities and Exchange Commission reportedly is investigating whether American companies also affected by that hack failed to report their vulnerability.

In the months since the security vendor FireEye revealed the breach, SolarWinds’ CEO has testified in front of Congress and made a number of public appearances explaining the circumstances. While security personnel initially suggested that attackers first breached SolarWinds in September or October 2019, the firm “recently” learned that intruders may have had access to SolarWinds systems dating back to January 2019, said CEO Sudhakar Ramakrishna.

In its most recent disclosure, SolarWinds says it and Microsoft addressed the matter quickly, adding that it will release more details as victims are notified.

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
