Sources: Chinese hackers are thought to have hacked a payroll agency inside the US Dept. of Agriculture in 2020 by exploiting another bug in SolarWinds software
Eduard Kovacs / SecurityWeek : China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report
Phil Muncaster / infosecurity-magazine.com : US Payroll Agency Targeted in Separate SolarWinds Attack - Report
Laura Hautala / CNET : SolarWinds products had three serious security flaws, researchers find
SC Media : Three new SolarWinds vulnerabilities found and patched
Ken Dilanian / NBC News : More exploitable flaws found in SolarWinds software, says cybersecurity firm
Duncan Riley / SiliconANGLE : After Microsoft pegged two attackers in December, Chinese hackers linked to SolarWinds hack
Msmash / Slashdot : Suspected Chinese Hackers Used SolarWinds Bug To Spy on US Payroll Agency
Celine Castronuovo / The Hill : US payroll agency targeted by Chinese hackers: report

Tweets:
Jeff Stein / @spytalker : 'While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates...the suspected Chinese group exploited a separate bug in Orion's code to help spread across networks they had already compromised, the sources told @Reuters https://twitter.com/...
Zach Dorfman / @zachsdorfman : Big, big story from the formidable Reuters cybersecurity team. https://www.reuters.com/...
Hakan / @hatr : ‼️ “The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers” https://www.reuters.com/...
Zach Dorfman / @zachsdorfman : “The NFC is responsible for handling the payroll of multiple government agencies, including several involved in national security, such as the FBI, State Department, Homeland Security Department and Treasury Department, the former officials said.” https://www.reuters.com/...
Katie Moussouris / @k8em0 : “Records held by the NFC include federal employee SS numbers, phone numbers & personal email addresses as well as banking information. NFC says it “services more than 160 diverse agencies, providing payroll to more than 600,000 Federal employees.” AKA: phishing/bribery directory https://twitter.com/...
Ankit Panda / @nktpnd : “Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations” https://www.reuters.com/...
Eric Geller / @ericgeller : Yikes. Suspected Chinese hackers broke into a federal payroll agency using a bug in SolarWinds software separate from the one used in the wider-ranging Russian campaign: https://www.reuters.com/... https://twitter.com/...
Chris Bing / @bing_chris : 4. The FBI recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised https://www.reuters.com/...
Kim Zetter / @kimzetter : Researchers previously said another group of hackers was using SW software to breach victims at same time attack attributed to Russians occurred; now there's more info. Note: story says Chinese didn't use same flaw Russians used; not sure you can call backdoor Russians used a flaw https://twitter.com/...