Microsoft warns about China-based hacking group that's up to no good (again)

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • China-based hackers linked with SolarWinds Serv-U zero-day exploit attack are back on Microsoft's radar.
  • This time around, said hackers have been going after vulnerable ZOHO ManageEngine ADSelfService Plus software.
  • The threat actors, dubbed by Microsoft as "DEV-0322," have had their activity monitored and exhibit attack patterns that include malware drops for lateral network infiltration, credential dumping, and custom binary installation.

The China-based group of hackers associated with the SolarWinds Serv-U exploits from mid 2021, referred to as "DEV-0322" by Microsoft, is back in the limelight thanks to its efforts to compromise systems utilizing ZOHO ManageEngine ADSelfService Plus software.

DEV-0322's latest activities appear to have a wide net of targets, including those in "the Defense Industrial Base, higher education, consulting services, and information technology sectors," according to Microsoft. The tech giant first spotted the China-based hackers' new operation on September 22, 2021, meaning the dangers have been around for a while now. You can read an in-depth breakdown of the activity Microsoft detected and a host of other technical information over at the company's blog post wherein it gives an overview of the threat actor's work as well as what you, the potentially affected individual, can do to suss out whether you've been compromised.

DEV-0322 is one of many, many groups Microsoft is keeping an eye on. In the company's 2021 Digital Defense Report, it gave details on malicious operations originating from all over the planet, including North Korea, Iran, South Korea, Turkey, and Vietnam. China was also on the list, as was Russia, with the latter nation managing to claim Microsoft's troublemaker-of-the-year award thanks to its 2020 and 2021 SolarWinds activities, among other attacks.

China worked hard to stay on Microsoft's radar as well, however, gaining recognition in the aforementioned report for its cyberattack efforts, including one that may have been used to harvest data for secret AI projects.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to