Suspected Chinese hackers exploit SolarWinds vulnerability to compromise U.S. government

Five people familiar with the matter told Reuters that suspected Chinese (Communist Party of China) hackers exploited a vulnerability in SolarWinds software last year to break into U.S. government computer systems. Members of the U.S. Congress have called the intrusions a national security emergency.

Reuters exclusively reported on Feb. 2, citing two sources, that Federal Bureau of Investigation (FBI) investigators had recently found that the affected agencies included the National Finance Center (NFC), a federal payroll agency within the U.S. Department of Agriculture, raising concerns that the data of thousands of government employees may have been compromised.

The software vulnerability exploited by the suspected Chinese (Communist Party of China) group is not the same one at issue in the recent case in which the United States accused Russian government agents of compromising up to 18,000 SolarWinds customers by hijacking updates to SolarWinds’ Orion network monitoring software.

Security researchers had previously said that a second group of hackers was exploiting SolarWinds’ software at the same time that Russian hackers were abusing the company’s software to conduct cyberattacks. But that second set of attacks had not previously been reported as possibly linked to China (the Chinese Communist Party) or to the intrusion of U.S. government agencies.

Reuters could not determine how many agencies were compromised by the suspected Chinese (Communist Party) hacking operation. Sources, who spoke on condition of anonymity to discuss the ongoing investigation, said the attackers used computer infrastructure and hacking tools previously deployed by Chinese (Chinese Communist Party) state-sponsored cyberspies.

China firmly opposes and combats any form of cyberattack and cybertheft, the Communist Party’s foreign ministry said in a statement.

SolarWinds said it was aware that a customer had been attacked by a second group of hackers, but that “no definitive information has been found” to indicate who was responsible. The company added that the attackers did not gain access to SolarWinds’ internal systems and that it had released an update in December to fix the software bug that was exploited.

A spokesman for the U.S. Department of Agriculture acknowledged the data breach, but declined to comment further. The Federal Bureau of Investigation declined to comment.

Four people who investigated both attacks, as well as outside experts who reviewed the code used by the two groups of hackers, said that while the two espionage campaigns overlapped in time and both targeted the U.S. government, they were separate and distinct operations.

The alleged Russian hackers penetrated deep into SolarWinds’ network and hid a “back door” in an Orion software update that was then sent to customers, whereas the suspected Chinese Communist group used a separate bug in the Orion code to help carry out its intrusion, the sources said.

In December 2020, it was widely reported that hackers had penetrated all levels of the U.S. government and large corporations through SolarWinds, posing a serious threat. U.S. government agencies including the Departments of Defense, State, Homeland Security, Energy, Treasury and Commerce were found to have been compromised by way of SolarWinds software.

Security analysts assisting the U.S. government’s investigation told Reuters that links between the second set of attacks on SolarWinds customers and suspected Chinese (Communist Party of China) hackers were found only in recent weeks.

Reuters could not determine what information the hackers stole from the National Finance Center or how deeply they penetrated the NFC’s systems. But former U.S. government officials told Reuters that the potential impact could be “enormous.”

Former U.S. officials said the NFC handles payroll for several government agencies, including some involved in national security, such as the FBI, the State Department, the Department of Homeland Security and the Treasury Department.

Records held by the NFC include federal employees’ Social Security numbers, phone numbers and personal email addresses, as well as banking information. The NFC says on its website that it “serves more than one hundred and sixty different agencies and provides payroll services to more than 600,000 federal employees.”

Reuters reports that a USDA spokesperson said in an email, “USDA has notified all of its customers (both individuals and agencies) whose data has been affected.”