The SolarWinds Hack continues to get wilder


Photograph: ANDREW CABALLERO-REYNOLDS / AFP (Getty Images)

Now the Chinese are involved. This is one of the most recent claims to emerge in the SolarWinds scandal, the “cyber Pearl Harbor” supply chain attack that appears to have involved the entire United States government as well as the private sector.

While officials had previously stated that Russian hackers were “probably” behind the widespread penetration of federal networks, a new story now says that China’s hackers may have exploited a different vulnerability in the same software to gain access to a US Department of Agriculture payroll agency.

According to Reuters, anonymous sources say that a different threat actor was able to exploit the SolarWinds software to break into the National Finance Center, a federal USDA payroll agency. The news organization reports:

The software flaw exploited by the alleged Chinese group is separate from the one the United States accused Russian government agents of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

It is just the latest in a seemingly endless flood of news involving the huge cyber intrusion scandal. Investigators have sought to understand the extent of the breach, but are struggling. Case in point: the recent discovery that almost a third of the victims of the so-called “SolarWinds” scandal were not actually SolarWinds customers and, therefore, had been compromised by other, as yet unknown, means.

The entire disaster was first discovered in December. If you’ve been asleep since then, here’s the situation: researchers found that hackers had infiltrated networks across the government, Fortune 500 companies and other entities using a trojanized update to SolarWinds’ Orion, a popular IT management program, into which malicious code had been inserted.

Other recent updates include:

  • SolarWinds’ new CEO, Sudhakar Ramakrishna, says the hackers may have been reading the company’s emails for at least nine months. “Some email accounts were compromised. That led them to compromise other email accounts and, as a result, our broader [Office] 365 environment was compromised,” the CEO told the Wall Street Journal.
  • The beleaguered company also announced that it recently fixed three newly discovered vulnerabilities. Two of them were in the original Orion software that led to the network intrusions at federal agencies; the other was in a different product, SolarWinds Serv-U FTP. The Serv-U vulnerability would have enabled “remote execution of trivial code with high privileges”, Threatpost wrote.
  • The recently confirmed head of the Department of Homeland Security, Alejandro Mayorkas, said it will thoroughly investigate the hack. He also promised to improve the government’s overall defensive capabilities through “a review of the government’s Einstein incident detection program and CISA’s Continuous Diagnosis and Mitigation program to assess whether they are really effective in addressing cyber threats.”
