A Second Attack On SolarWinds Exposes Federal Payroll Info

Hackers took advantage of another SolarWinds software vulnerability to compromise computers at US government agencies. It is widely suspected that Chinese hackers were behind the attack.

Among the agencies impacted by the recent hack of SolarWinds was the US National Finance Center (NFC), a federal payroll agency inside the US Department of Agriculture. According to FBI investigators, data on thousands of government employees may have been compromised in the attack, Reuters reported.

Anonymous sources told Reuters that the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.

The previous attack on SolarWinds happened last year, and at the time the United States accused the Russian government of compromising up to 18,000 SolarWinds customers, including federal agencies involved in national security.

In the second attack, the suspected Chinese group exploited a flaw in Orion, an infrastructure monitoring and management platform used by SolarWinds. But unlike the Russian hackers, the Chinese hackers exploited the vulnerability only after already breaking into a network by some other means. The attackers added malicious code, known as Supernova, to the code in the SolarWinds customer's network, which helped them spread across networks they had already compromised.

Although the two espionage efforts overlap and both targeted the US government, they were separate and distinctly different operations, according to the Reuters report.

SolarWinds provides computer network monitoring services to companies and government agencies not only in the US but around the world. At this point, it's not clear how many organizations have been compromised by the suspected Chinese attack, but the potential impact could be “massive,” former US government officials told Reuters.

The NFC handles the payroll of many government agencies, including the FBI, State Department, Homeland Security Department, and Treasury Department. Data held by the NFC include social security numbers, phone numbers, personal email addresses, and banking information of federal employees.

“This could be an extremely serious breach of security,” said Tom Warrick, a former senior official at the US Department of Homeland Security. “It could allow adversaries to know more about US officials, improving their ability to collect intelligence.”

Following the allegations, the Chinese foreign ministry denied them and said any cyberattack allegations should be supported with evidence. “China resolutely opposes and combats any form of cyberattacks and cyber theft,” it stated.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.