Now the Chinese are participating. That is one of the most recent allegations to emerge in the SolarWinds scandal, the “cyber Pearl Harbor” supply chain compromise that appears to have engulfed the entire U.S. government as well as the private sector.
While officials had previously stated that Russian hackers were “likely” behind the widespread penetration of federal networks, a new story claims that Chinese hackers could have exploited a different vulnerability in the same software to access a payroll agency of the U.S. Department of Agriculture.
According to Reuters, anonymous sources claim that a different threat actor managed to exploit the SolarWinds software to gain access to the National Finance Center, a federal payroll agency within the USDA. The news organization reports:
The software bug exploited by the alleged Chinese group is different from the one the United States accused Russian government agents of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network control software.
It’s just the latest in a seemingly endless flood of news related to the massive cyber intrusion scandal. Investigators have been trying to understand the extent of the breach, but are struggling. Case in point: the recent discovery that almost a third of the victims of the so-called “SolarWinds” scandal were not actually customers of SolarWinds and had therefore been compromised by other (hitherto unknown) means.
The whole debacle was initially discovered in December. If you have been asleep since then, here is the rundown: researchers found that hackers had infiltrated networks across the government, Fortune 500 companies, and other entities using malware that had been slipped into trojanized software updates for Orion, a popular IT management program from SolarWinds.
Other recent updates include:
- SolarWinds’ new CEO, Sudhakar Ramakrishna, claims the hackers had been reading the company’s emails for at least nine months. “Some e-mail accounts were compromised. This led them to compromise other email accounts and consequently our wider [Office] 365 environment was compromised,” the CEO told the Wall Street Journal.
- The company has also announced that it has recently fixed three newly discovered vulnerabilities. Two of these were in Orion’s original software, which caused network outages in federal agencies; the other was in a different product, the SolarWinds Serv-U FTP. This Serv-U vulnerability would have allowed “a trivial remote code execution with elevated privileges,” Threatpost writes.
- The recently confirmed head of the Department of Homeland Security, Alejandro Mayorkas, said he will thoroughly investigate the hack. He also pledged to improve the government’s overall defensive capabilities through “a review of the government’s Einstein incident detection program and CISA’s ongoing diagnosis and mitigation program to assess whether they are truly effective in dealing with cyber threats.”