Chinese spies are suspected of having used a vulnerability in a different piece of SolarWinds software to compromise computers at the National Finance Center and other U.S. government agencies, Reuters reported.
FBI investigators recently found that the National Finance Center (a federal payroll agency within the U.S. Department of Agriculture) was among the organizations affected by a Chinese hack of SolarWinds last year, Reuters said, citing people familiar with the matter. Investigators fear that data on thousands of government workers may have been exposed in the attack, Reuters reported.
The hackers used computer infrastructure and hacking tools previously used by state-backed Chinese cyberspies, according to Reuters. In particular, Reuters reported that the suspected Chinese group exploited a flaw in Orion code to help it spread across networks it had already compromised. The potential impact of this attack could be “enormous,” former U.S. government officials told Reuters.
[Related: Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access]
SolarWinds told CRN that the customer’s network was compromised in a way unrelated to the company itself, adding that there is no reason to believe the attackers were inside SolarWinds’ environment at any time. The breach described by Reuters allowed the attackers to add malicious Supernova code to the Orion software on the customer’s network, and SolarWinds said it is aware of one instance of this happening.
“This is in contrast to the widespread and aggressive attack that targeted several software companies as vectors,” SolarWinds said in a statement to CRN.
A Department of Agriculture spokesman acknowledged to Reuters that data had been breached and said all affected individuals and organizations had been notified. The FBI declined Reuters’ request for comment, while China’s foreign ministry told Reuters that attributing cyberattacks was a “complex technical issue” and that any allegations should be supported by evidence.
The FBI and the U.S. Department of Agriculture did not immediately respond to CRN’s requests for comment. Security researchers had previously reported that a second group of hackers was abusing SolarWinds software at the same time that Russian hackers attacked the company, but Reuters’ report on Tuesday was the first to describe the suspected connection to China and the resulting federal breach.
The link between the second set of attacks on SolarWinds customers and Chinese spies was discovered only a few weeks ago, security analysts who were investigating alongside the U.S. government told Reuters. Reuters said it was unable to determine what information the hackers could have stolen from the National Finance Center or how deeply they penetrated the agency’s systems.
In addition, Reuters said it was unable to determine how many other organizations beyond the National Finance Center were affected by the suspected Chinese activity. The National Finance Center is responsible for handling the payroll of multiple government agencies, including several involved in national security such as the FBI and the Departments of Homeland Security, State and the Treasury.
Records held by the National Finance Center include Social Security numbers of federal employees, phone numbers, personal email addresses and banking information, according to Reuters. The National Finance Center serves more than 160 diverse organizations, providing payroll services to more than 600,000 federal employees, according to the agency’s website.
FireEye CEO Kevin Mandia said such attacks have become increasingly common and will continue to happen in the future.
“It’s just like every other breach we’re going to read [where] the threat actors can operate without any risk or impact,” Mandia told CRN. “This year, they took advantage of SolarWinds with an implant, possibly a vulnerability. Next year, it will be another bid, or many bids.”