This is not the first time a SolarWinds flaw has been exploited by China-based threat actors. In February of this year, an investigation found SolarWinds flaws being abused by Chinese hackers.
Secureworks, the security firm that investigated those attacks, tracks the threat group as Spiral and assesses it to be based in China.
The Spiral threat group exploited a zero-day flaw in the Orion IT monitoring platform. The flaw, tracked as CVE-2020-10148, is an authentication bypass in the Orion API: an unauthenticated remote attacker can call API commands and thereby achieve remote code execution on the Orion server.
Several threat actors have targeted SolarWinds products over a long period, so the company's software clearly remains an attractive target. To prevent exploitation of the Serv-U FTP flaw by DEV-0322 or any other threat actor, keep the application up to date: SolarWinds has already published an advisory with a fixed release, and it should be applied as soon as possible.