NEW >>> Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency https://reut.rs/3pIC5WB
1. The software flaw ( known as SUPERNOVA) exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8
2. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies. https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8
3. To be clear, the cyber operation we're reporting on today was not conducted by hacking into SolarWinds. Rather, the Chinese hacking group used a bug in a SW software product (Orion) during an intrusion into an important USG agency https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8
4. The FBI recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8
5. A USDA spokesperson said the agency had "notified all customers (including individuals and organizations) whose data has been affected"
Are you a fed? Have you received one of these hack notifications? If so, we would like to speak with you
@jc_stubbs @razhael @josephmenn
Are you a fed? Have you received one of these hack notifications? If so, we would like to speak with you
@jc_stubbs @razhael @josephmenn