SECURITY
Microsoft Corp. identified in December that a second suspected nation-state actor was involved in the now infamous hack of SolarWinds Worldwide LLC, but up until today the narrative in the mainstream media has been that it was just Russian hackers despite proof to the contrary.
Although Russian hackers may well have been involved, finally it’s now being admitted that Chinese hackers were too.
Reuters reported today, referencing five people familiar with the matter, that suspected Chinese hackers exploited a flaw in SolarWinds’ Orion software to break into U.S. government computers last year. Describing it as a “new twist,” Reuters said the Chinese hackers exploited a software flaw that was separate from the one exploited by Russian hackers — exactly what Microsoft said in December.
In the words of the Microsoft 365 Defender Research team, “the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.”
The Chinese hackers are said to have stolen data from the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, with the data of thousands of government employees potentially compromised.
A USDA spokesperson initially told Reuters that it had notified all customers whose data had been affected by the SolarWinds Orion code compromise, then said in a follow-up statement that it had not been hacked and there was no data breach related to SolarWinds.
The Chinese Communist Party also denied the claim, stating that “China resolutely opposes and combats any form of cyberattacks and cyber theft,” adding that any hacking allegations should cite specific evidence.
With more than one threat actor involved in the SolarWinds hack, it was always a game of “advanced persistent threat group bingo” with the likely suspects Russia, China, North Korea or Iran.
U.S. President Joe Biden announced a U.S. intelligence review into the SolarWinds hack Jan. 21. The confirmation of China as one of the countries involved may make that review interesting.