FBI investigators discovered that allegedly China-linked hackers have exploited a flaw in the SolarWinds Orion software to break into the systems of the U.S. National Finance Center.
The National Finance Center is a federal payroll agency in the U.S. Department of Agriculture, that provides human resources and payroll services to hundreds of federal agencies.
The incident has not been linked to the recently disclosed SolarWinds supply chain attack, in the attack against the NFC the threat actors exploited a different vulnerability.
“Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.” reported the Reuters agency.
“The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.”
SolarWinds announced it was aware of a successful attack carried out by the second hacker group, but did not attribute it to a specific threat actor. The software provider pointed out that hackers did not compromise its internal network and confirmed that it had already addressed the flaw exploited in the attack.
“In the case of the sole client it knew about, SolarWinds said the hackers only abused its software once inside the client’s network. SolarWinds did not say how the hackers first got in, except to say it was “in a way that was unrelated to SolarWinds.” continues the Reuters.
The U.S. Department of Agriculture confirmed the security breach and “has notified all customers (including individuals and organizations) whose data has been affected by the SolarWinds Orion Code Compromise.”
Later, a different USDA spokesman, denied that the NFC was hacked and added that “there was no data breach related to Solar Winds” at the agency.
According to Reuters’ sources who spoke on condition of anonymity, the threat actors’ tools and C2 infrastructure were employed in past attacks conducted by China-linked threat actors.
The Chinese foreign ministry denied the involvement of Chine in this attack and invited the US authorities to support these allegations with evidence.
“China resolutely opposes and combats any form of cyberattacks and cyber theft,” it said in a statement.
At the time of this writing, Reuters was not able to determine the type and the volume of information the attackers have stolen from the National Finance Center (NFC). Experts highlighted that the potential impact of this security breach could be severe due to the type of data managed by the US agency.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Intel)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.