The SolarWinds Hack Just Keeps Getting More Wild

Photo: ANDREW CABALLERO-REYNOLDS/AFP (Getty Images)

Now the Chinese are involved. That’s one of the newest allegations to emerge in the SolarWinds scandal, the supply chain “cyber Pearl Harbor” that seems to have enveloped the entire U.S. government, as well as the private sector.

While officials had previously stated Russian hackers were “likely” behind the extensive penetration into federal networks, a new story now claims hackers from China may have exploited a different vulnerability in the same software to gain entry to a payroll agency within the U.S. Department of Agriculture.

According to Reuters, anonymous sources are saying a different threat actor managed to exploit SolarWinds software to worm its way into the National Finance Center, a federal payroll agency within the USDA. The news organization reports:

The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.


It’s just the latest in a seemingly endless flood of news involving the massive cyber intrusion scandal. Investigators have sought to understand the extent of the breach, but they are struggling. Case in point: the recent discovery that nearly a third of the victims of the so-called “SolarWinds” scandal were not actually SolarWinds customers and, therefore, had been compromised by other (so far unknown) means.

The whole debacle was initially discovered in December. If you’ve been asleep since then, here’s the run-down: Investigators discovered that hackers had infiltrated networks throughout the government, Fortune 500 companies, and other entities using trojanized software updates (malicious code inserted into otherwise legitimate updates) for SolarWinds’ Orion, a popular IT management program.

Other recent updates include:

  • The new CEO of SolarWinds, Sudhakar Ramakrishna, claims hackers were potentially reading the company’s emails for at least nine months. “Some email accounts were compromised. That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised,” the CEO told the Wall Street Journal.
  • The floundering company has also announced it has recently patched three newly discovered vulnerabilities. Two of those were in the original Orion software that led to the network break-ins at federal agencies; the other was in a different product, the SolarWinds Serv-U FTP. This Serv-U vulnerability would’ve allowed “trivial remote code execution with high privileges,” Threatpost writes.
  • The newly confirmed head of the Department of Homeland Security, Alejandro Mayorkas, has said that he will thoroughly investigate the hack. He also promised to enhance the government’s overall defensive capabilities through “a review of the government’s Einstein incident detection program and CISA’s Continuous Diagnostics and Mitigation program to assess if they’re truly effective in addressing cyberthreats.”