Cybercriminals, possibly linked to the Chinese government, are suspected of having exploited a vulnerability in SolarWinds’ Orion software to break into US government networks last year. The information comes from Reuters, which received anonymous testimony from five people involved.
According to the news agency, this attack, although it also exploited a vulnerability in the same software, is unrelated to the SolarWinds supply-chain attack, which researchers believe to be of Russian origin.
According to Reuters’ sources, the two cybercriminal groups were abusing the Orion software at the same time, but with different approaches and objectives. The Russians reportedly inserted a backdoor into the software update, while the Chinese exploited a different flaw in the application’s code.
The sources revealed that the FBI is investigating an intrusion into the systems of the National Finance Center (NFC), a payroll agency linked to the US Department of Agriculture (USDA). The sources believe that this intrusion is related to the Chinese attack.
An NFC spokesman denied any attack or data breach at the agency. But another USDA spokesman confirmed unauthorized access to the department’s network and said it had notified the customers and agencies it serves.
SolarWinds itself acknowledges this second attack and claims to be aware of only one affected customer, adding that it has found “nothing conclusive” about those responsible. The company also reported that the cybercriminals were unable to gain access to its internal systems and that the exploited vulnerability had already been fixed in a December 2020 patch.
The FBI did not respond to Reuters’ request for comment, but former US information security chief Gregory Touhill said it is common for two distinct cybercriminal groups to work toward the same objectives. “It wouldn’t be the first time that we’ve seen a nation-state actor ‘surfing’ after another,” he says.
The NFC is the agency responsible for the payroll of several other government agencies in the U.S., including several involved in national security, such as the FBI, Department of State, Department of Homeland Security and Department of the Treasury.
“Depending on what data has been compromised, this could be an extremely serious security breach,” Tom Warrick, a former employee of the U.S. Department of Homeland Security, told Reuters.
See the original post at: https://thehack.com.br/chineses-podem-ter-explorado-falha-no-mesmo-software-do-ataque-a-cadeia-de-suprimentos-da-solarwinds/?rand=48873