The SolarWinds hack is getting wilder


Photo: ANDREW CABALLERO-REYNOLDS / AFP (Getty Images)

Now the Chinese are involved. That’s one of the latest allegations to emerge from the SolarWinds scandal, the supply-chain “cyber Pearl Harbor” that seems to have enveloped the entire US government as well as the private sector.

While officials had earlier stated that Russian hackers were “likely” behind the extensive penetration of federal networks, a new report now claims that hackers from China may have exploited a different vulnerability in the same software to gain access to a payroll system within the US Department of Agriculture.

According to Reuters, anonymous sources say another threat actor managed to abuse SolarWinds software to force its way into the National Finance Center, a federal payroll agency within the USDA. The news organization reports:

The software flaw exploited by the alleged Chinese group is unrelated to the one that the United States has accused Russian government officials of exploiting to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

It’s the latest in a seemingly endless stream of news about the massive cyber-intrusion scandal. Investigators have been trying to understand the scope of the breach, and they are struggling. Case in point: the recent discovery that nearly a third of the victims of the so-called “SolarWinds” scandal were not actually SolarWinds customers and were therefore compromised by other (as yet unknown) means.

The whole debacle was first discovered in December. If you’ve been asleep since then, here’s the rundown: researchers found that hackers had infiltrated government agencies, Fortune 500 companies and other entities by trojanizing software updates for SolarWinds’ Orion, a popular IT management tool, so that customers installed a backdoor along with the legitimate update.

Other recent updates include:

  • SolarWinds’ new CEO, Sudhakar Ramakrishna, says hackers may have been reading the company’s emails for at least nine months. “Some email accounts have been compromised. That led to them compromising other email accounts and, as a result, our wider [Office] 365 environment has been compromised,” the CEO told the Wall Street Journal.
  • The floundering company has also announced that it recently patched three newly discovered vulnerabilities. Two were in Orion, the product whose trojanized updates led to the network intrusions at federal agencies; the third was in a separate product, the SolarWinds Serv-U FTP server. The Serv-U vulnerability would have allowed ‘high privilege trivial remote code execution’, Threatpost writes.
  • Alejandro Mayorkas, recently confirmed as head of the Department of Homeland Security, said he will thoroughly investigate the hack. He also pledged to improve the government’s overall defensive capabilities by “evaluating the government’s Einstein Incident Detection Program and the CISA Continuous Diagnosis and Risk Mitigation Program to assess whether they are truly effective in tackling cyber threats.”
