The SolarWinds hack continues to get wilder


Photo: ANDREW CABALLERO-REYNOLDS / AFP (Getty Images)

Now the Chinese are involved. That is one of the latest allegations in the SolarWinds scandal, the supply chain “cyber Pearl Harbor” that seems to have enveloped the entire US government as well as the private sector.

While officials have previously stated that Russian hackers were “probably” behind the widespread penetration of federal networks, a new story claims that Chinese hackers could have exploited a different vulnerability in the same software to gain entry into a payroll agency of the US Department of Agriculture.

According to Reuters, anonymous sources say that another threat actor managed to exploit the SolarWinds software to enter the National Finance Center, a federal payroll agency within the USDA. The news organization reports:

The software flaw exploited by the suspected Chinese group is separate from the one that the US has accused Russian government agencies of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

It’s just the latest in a seemingly endless flood of news involving the massive cyber intrusion scandal. Investigators have tried to understand the extent of the breach, but are struggling. Case in point: the recent discovery that almost a third of the victims of the so-called “SolarWinds” scandal were not in fact SolarWinds customers and had therefore been compromised by other (hitherto unknown) means.

The entire disaster was originally discovered in December. If you’ve been asleep since then, here’s the rundown: Investigators found that hackers infiltrated networks across the government, Fortune 500 companies and other entities using trojanized malware that was attached to software updates for Orion, a popular IT management program from SolarWinds.

Other recent updates include:

  • SolarWinds’ new CEO, Sudhakar Ramakrishna, claims that hackers have potentially been reading the company’s emails for at least nine months. “Some e-mail accounts have been compromised. This has led them to compromise other email accounts, and therefore the wider [Office] 365 environment has been compromised,” the CEO told the Wall Street Journal.
  • The embattled company has also announced that it recently fixed three newly discovered vulnerabilities. Two of these were in the original Orion software that led to the network break-ins at federal agencies; the other is in a different product, SolarWinds Serv-U FTP. This Serv-U vulnerability would have allowed “trivial remote code execution with high privileges,” Threatpost writes.
  • The newly confirmed head of the Department of Homeland Security, Alejandro Mayorkas, said that he will thoroughly investigate the hack. He also promised to increase the government’s overall defensive capabilities through “a review of the government’s Einstein Incident Detection Program and the CISA Diagnostic and Continuous Mitigation Program to assess whether they are truly effective in addressing cyber threats.”
