New evidence found of hacking of the U.S. government using flaws in SolarWinds software

On February 3, 2021, Reuters reported that a suspected Chinese hacker had used SolarWinds' 'Orion Platform' software to successfully hack into the US government. This was discovered during the investigation into the large-scale hacking of the US government by Russian hackers that was reported on December 13, 2020, and the Orion Platform flaw used is reported to be different from the one used at that time.

Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on US payroll agency – sources --Reuters

The cause of the massive hack discovered on December 13, 2020 was a software update for the Orion Platform distributed in March and June 2020. Hackers carried out a supply chain attack on this software update, planting malware in it that adds a backdoor to files.

The update in question spread to a number of government bodies such as the US State Department and the National Nuclear Security Administration (NNSA), as well as 18,000 companies, including private companies such as Microsoft and Cisco, and it can be used to intercept government communications. Actual damage has occurred, such as the source code of Windows being sold for 62 million yen.

It turns out that a large-scale cyber attack on government agencies was approaching nuclear weapons related organizations and Microsoft

According to Reuters, the flaws in the Orion Platform used by the hacker group that surfaced in the investigation are different from the flaws used by the Russian group. However, it is not clear what kind of defect was used, and what kind of organization was hacked has not been disclosed. According to sources, the hacker used infrastructure and tools backed by the Chinese government, so the hacker is believed to be Chinese. The Chinese Foreign Ministry has described the cause of the hack as 'a complex technical issue' and said that 'any claim should be supported by evidence.'

Meanwhile, according to the Reuters report, FBI agents newly found that the National Finance Center (NFC), the payroll agency of the United States Department of Agriculture, was likely to have been affected, raising concern that the data of thousands of civil servants may be at risk. NFC is said to be responsible for payroll processing for government agencies such as the FBI and the Department of State, and holds personal information including the telephone numbers and social security numbers of government employees.

Tom Warrick, a former U.S. Department of Homeland Security official, said, 'The compromised data could lead to very serious security problems in the future, improving the ability of adversaries to gather information about the U.S. government.'

in Security, Posted by log1p_kr