China-based hackers known to target US defense and software companies are now attacking organizations by exploiting a vulnerability in the SolarWinds Serv-U FTP server. The vulnerability was disclosed by Microsoft, which saw a threat actor actively exploiting it to execute commands on vulnerable customers’ devices. Microsoft revealed that the attacks are attributed with high confidence to a threat group tracked as ‘DEV-0322’. The group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in its attacker infrastructure.
Source: https://www.bleepingcomputer.com/news/microsoft/chinese-hackers-use-new-solarwinds-zero-day-in-targeted-attacks/

