China gets in on the SolarWinds act

The CyberWire

Automatic TRANSCRIPT

Reuters reports that the FBI investigation of the SolarWinds supply chain attack is looking into evidence that Chinese threat actors successfully exploited a vulnerability in the company's software to compromise the National Finance Center, a payroll system operated by the US Department of Agriculture. The Department of Agriculture's reaction to the story is ambiguous. The Agriculture Department emailed Reuters to say that USDA has notified all customers, including individuals and organizations, whose data has been affected by the SolarWinds Orion code compromise, but a second departmental spokesman said after the story broke that there was no data breach related to SolarWinds at USDA, but offered no further clarification.

The vulnerability the Chinese threat actors are believed to have exploited is said to be different from the one used by UNC2452, the threat actor widely believed to be a Russian intelligence service. Reuters' anonymous sources told them that the campaign used and infrastructure that have been previously deployed by state-backed Chinese cyber spies. As the Washington Post observes, many have suspected another group was also actively exploiting SolarWinds, but Reuters' report is the first to suggest that this second threat actor was connected to the Chinese government.

The Chinese foreign ministry denied any involvement, observing, and in fairness correctly, that attribution is a complex technical issue. The ministry then moved on to unlikely insistence on the usual pieties: "China resolutely opposes and combats any form of cyber attacks and cyber theft." It's doubtful that any government on the planet, even, say, the Holy See or San Marino, resolutely opposes any form of cyber attack, unless cyber attack is construed narrowly as to rule out any form of interception, surveillance or retaliation. If any pure cyber are running any government, it's doubtful that government is in Beijing.
Some have said that major cyber attacks are often more like riots than bank jobs, with multiple actors going after the same targets for their own reasons. Reuters quotes former US Chief Information Security Officer, retired Air Force General Gregory Touhill, who thinks it's not that unusual for more than one group to hit the same product. He prefers the racing metaphor to the criminal one. Quote: "It wouldn't be the first time we've seen a nation-state actor surfing in behind someone else. It's like drafting in NASCAR," Touhill said.

It's worth noting that while the National Finance Center is housed in the Department of Agriculture, its responsibilities aren't confined there. The NFC also handles payroll for other government agencies. Some of the more interesting ones from the point of view of national security are the FBI, the State Department, the Department of Homeland Security and the Treasury Department. The NFC claims on its website to payroll more than 600,000 employees, and also provides customizable and flexible financial management services and integrated shared service solutions. The data held by the NFC would include Social Security numbers, phone numbers, personal email addresses and banking information, and also associations between individual employees and their agencies. Such information is useful for building human target dossiers of individuals of interest, and Chinese services have shown an appetite for such sweeping collection in the past against the US, most notably in the Office of Personnel Management breach of 2015.
