Connect with us

Hi, what are you looking for?

Economy

Suspected Chinese hackers used the SolarWinds bug to spy on US payroll agency — sources

WASHINGTON — Suspected Chinese hackers exploited a flaw in software made by SolarWinds Corp. to help break into US government computers last year, five people familiar with the matter told Reuters, marking a new twist in a sprawling cybersecurity breach that US lawmakers have labeled a national security emergency.

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the US Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.

The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

Security researchers have previously said a second group of hackers was abusing SolarWinds’ software at the same time as the alleged Russian hack, but the suspected connection to China and ensuing US government breach have not been previously reported.

Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.

A USDA spokesman said in an e-mail “USDA has notified all customers (including individuals and organizations) whose data has been affected by the SolarWinds Orion Code Compromise.”

In a follow-up statement after the story was published, a different USDA spokesman said the NFC was not hacked and that “there was no data breach related to Solar Winds” at the agency. He did not provide further explanation.

The Chinese foreign ministry said attributing cyberattacks was a “complex technical issue” and any allegations should be supported with evidence. “China resolutely opposes and combats any form of cyberattacks and cyber theft,” it said in a statement.

SolarWinds said it was aware of a single customer that was compromised by the second set of hackers, but that it had “not found anything conclusive” to show who was responsible. The company added that the attackers did not gain access to its own internal systems and that it had released an update to fix the bug in December.

In the case of the sole client it knew about, SolarWinds said the hackers only abused its software once inside the client’s network. SolarWinds did not say how the hackers first got in, except to say it was “in a way that was unrelated to SolarWinds.”

The FBI declined to comment.

Although the two espionage efforts overlap and both targeted the US government, they were separate and distinctly different operations, according to four people who have investigated the attacks and outside experts who reviewed the code used by both sets of hackers.

While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates, which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.

‘EXTREMELY SERIOUS BREACH’
The side-by-side missions show how hackers are focusing on weaknesses in obscure but essential software products that are widely used by major corporations and government agencies.

“Apparently, SolarWinds was a high value target for more than one group,” said Jen Miller-Osborn, the deputy director of threat intelligence at Palo Alto Networks’ Unit42.

Former US chief information security officer Gregory Touhill said separate groups of hackers targeting the same software product was not unusual. “It wouldn’t be the first time we’ve seen a nation-state actor surfing in behind someone else, it’s like ‘drafting’ in NASCAR,” he said, where one racing car gets an advantage by closely following another’s lead.

The connection between the second set of attacks on SolarWinds customers and suspected Chinese hackers was only discovered in recent weeks, according to security analysts investigating alongside the US government.

Reuters could not determine what information the attackers were able to steal from the National Finance Center (NFC) or how deep they burrowed into its systems. But the potential impact could be “massive,” former US government officials told Reuters.

The NFC is responsible for handling the payroll of multiple government agencies, including several involved in national security, such as the FBI, State Department, Homeland Security Department and Treasury Department, the former officials said.

Records held by the NFC include federal employee social security numbers, phone numbers and personal e-mail addresses as well as banking information. On its website, the NFC says it “services more than 160 diverse agencies, providing payroll services to more than 600,000 Federal employees.”

“Depending on what data were compromised, this could be an extremely serious breach of security,” said Tom Warrick, a former senior official at the US Department of Homeland Security. “It could allow adversaries to know more about US officials, improving their ability to collect intelligence.” — Reuters

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the daily email that makes reading the news actually enjoyable. Stay informed and entertained, for free.
Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

Latest

Economy

JAKARTA — Armed with the world’s largest reserves of nickel and a ban on the export of nickel ore, Indonesia is making itself indispensable...

Economy

LONDON — Britain faces its largest ever strike by health workers on Monday as tens of thousands of nurses and ambulance workers walk out...

Economy

SINGAPORE — Polluting single-use plastic production rose by 6 million tons per year from 2019 to 2021 despite tougher worldwide regulations, with producers making...

Economy

BAMAKO — The Malian interim government on Sunday said the head of the United Nations (UN) peacekeeping mission’s human rights division had 48 hours...

Economy

LVIV — Ukraine has sent letters to companies that back the International Olympic Committee (IOC) urging them to keep Russian athletes out of the...

Economy

SYDNEY — Australian Prime Minister Anthony Albanese will push for bipartisan support on a referendum that aims to set up an Indigenous consultative committee...

You May Also Like

Investing

Browsing history makes referring to sites and pages you’ve visited in the past seamless. It’ll help you recall what page you checked out on...

Investing

The minute that any question pops into your head, you can simply ask Google. No longer do we have to pour over books and...

Investing

Having a good Instagram marketing agency to back up your Instagram account is an absolute must going into the new year. With competition stronger...

Investing

Insomnia is the most common sleep disorder in the global population. Therefore, it is a problem that many people suffer or have suffered throughout...

Disclaimer: SmartRetirementReport.com, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2021 SmartRetirementReport. All Rights Reserved.