China Suspected In Hack Of US Federal Payroll Agency Using SolarWinds Exploit

by Tyler Durden
Tuesday, Feb 02, 2021 - 05:40 PM

Just days after China sent a not-so-subtle warning to Taiwan regarding independence (and by extension, to US President Joe Biden), inside sources at the FBI are leaking details about another cyberattack linked to SolarWinds, which made headlines in December after operatives believed to be sponsored by the Russian government used an exploit to compromise classified systems.

This time, however, the villain is China - which federal agents believe used the same SolarWinds exploit as the suspected Russians to break into US government computers and access an unknown quantity of data, according to "five people familiar with the matter."

One of the agencies believed to have been hacked by China is the National Finance Center, an obscure agency in the federal government that handles payroll and other sensitive data. It's housed within the Department of Agriculture, but contains information from employees across the federal government.

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.

The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software. -Reuters

Security experts have long suspected that a second actor was involved in the series of SolarWinds breaches; however, this is the first report naming China as another bad actor.

The USDA acknowledged the hack to Reuters, while the Chinese foreign ministry parried - instead claiming that the hack was a "complex technical issue," and any allegations should be supported with evidence. "China resolutely opposes and combats any form of cyberattacks and cyber theft," the Chinese Foreign Ministry said in a statement.

SolarWinds, meanwhile, said it was aware of a single customer that was compromised by the second set of hackers but that it had “not found anything conclusive” to suggest who was responsible.

Authorities only fingered the Chinese hackers within the past few weeks, adding to the body of evidence that SolarWinds' cybersecurity was seriously lacking - which is disturbing for a company with such a powerful list of corporate and government clients.

And although Reuters couldn't say for certain what data were accessed, the report suggests that, as with most prior high-profile data breaches involving the federal government, whoever organized it was trying to compile data on federal employees across a wide range of departments, since the NFC handles payroll and other mundane personnel-related tasks for the federal government.

And as with prior attacks, it seems the CCP - or whoever did this - was fishing for private data on American government employees.

Reuters could not determine what information the attackers were able to steal from the National Finance Center (NFC) or how deep they burrowed into its systems. But the potential impact could be “massive,” former U.S. government officials told Reuters.

The NFC is responsible for handling the payroll of multiple government agencies, including several involved in national security, such as the FBI, State Department, Homeland Security Department and Treasury Department, the former officials said.

Records held by the NFC include federal employee social security numbers, phone numbers and personal email addresses as well as banking information. On its website, the NFC says it “services more than 160 diverse agencies, providing payroll services to more than 600,000 Federal employees.” The USDA spokesman said in an email: “USDA has notified all customers (including individuals and organizations) whose data has been affected."

"Depending on what data were compromised, this could be an extremely serious breach of security,” said Tom Warrick, a former senior official at the U.S. Department of Homeland Security. "It could allow adversaries to know more about U.S. officials, improving their ability to collect intelligence." -Reuters

One has to wonder if the Biden administration will now slap aggressive sanctions on China, as both Obama and the Trump administration did over 2016 US election meddling.