

Microsoft Corp. identified in December that a second suspected nation-state actor was involved in the now infamous hack of SolarWinds Worldwide LLC, but up until today the narrative in the mainstream media has been that it was just Russian hackers despite proof to the contrary.
Although Russian hackers may well have been involved, finally it’s now being admitted that Chinese hackers were too.
Reuters reported today, referencing five people familiar with the matter, that suspected Chinese hackers exploited a flaw in SolarWinds’ Orion software to break into U.S. government computers last year. Describing it as a “new twist,” Reuters said the Chinese hackers exploited a software flaw that was separate from the one exploited by Russian hackers — exactly what Microsoft said in December.
In the words of the Microsoft 365 Defender Research team, “the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.”
The Chinese hackers are said to have stolen data from the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, with the data of thousands of government employees potentially compromised.
A USDA spokesperson initially told Reuters that it had notified all customers whose data had been affected by the SolarWinds Orion code compromise, then said in a follow-up statement that it had not been hacked and there was no data breach related to SolarWinds.
The Chinese Communist Party also denied the claim, stating that “China resolutely opposes and combats any form of cyberattacks and cyber theft,” adding that any hacking allegations should cite specific evidence.
With more than one threat actor involved in the SolarWinds hack, it was always a game of “advanced persistent threat group bingo,” with the likely suspects being Russia, China, North Korea or Iran.
U.S. President Joe Biden announced a U.S. intelligence review into the SolarWinds hack Jan. 21. The confirmation of China as one of the countries involved may make that review interesting.