Hackers used another loophole in SolarWind software on US government agency Altieres Rohr’s blog

Hackers used another loophole in SolarWind software on US government agency Altieres Rohr's blog

According to Reuters, the National Finance Center (NFC) manages payroll for some US government offices.

Information on the case was passed on by anonymous sources, but the United States Department of Agriculture initially confirmed that it was a victim of hackers and those involved had already been notified. However, the agency reversed after the publication of the agency’s information, contrary to the confirmation issued by the department.

In one way or another, the attack was unrelated to other actions involving SolarWinds, in which hackers sabotaged a program update to include a spy program on the company’s customer network. In this new attack, a breach in the SolarWinds code was detected.

Another difference from this attack is that investigators suspect China’s involvement. In the case of previous invasions, the government of the United States has already spoken publicly, stating that it suspects spying action conducted by the Russians.

  • US agencies point to ‘Russian intelligence operation’ suspected for Solarwinds invasion

China denied being responsible for any action, saying it condemned such actions, as well as criticizing the allegations without evidence. The country’s response is similar to that of Russia, which also denies responsibility for cyber espionage operations.

According to Reuters, hackers took advantage of weakening themselves in Orion to deepen access to the National Finance Center’s network.

Therefore, it is not known how the invaders would have gained early access that allowed them to locate the Orion breech.

The vulnerability to be used against the NFC was decided by SolarWinds in December. The company also released another update in January, which corrects several other security holes identified by Trustwave, a digital security consultant.

Since it emerged as a centerpiece in attacks against the US government and several technology companies, SolarWinds has strengthened with hiring its own security team.

In early January, SolarWinds announced that it would remove Chris Krebs, Trump, former director of the cybersecurity and infrastructure agency, and Alex Stamos, former director of Facebook security.

  • Digital security company Malwarebytes revealed that she was also a victim of SolarWind hackers
  • Hackers attack network technology company to attack US government and FireEye

Questions about security, hackers and viruses? Send to [email protected]

Learn to download legitimate programs

2 minutes Learn to download legitimate programs

Learn to download legitimate programs

Downloading fake apps and programs can cause problems and make your computer or smartphone vulnerable to hackers.

  • See more digital security tips

5 security tips for your digital life

Ask other questions on VIDEO:

Cory Weinberg

About the author: Cory Weinberg

Cory Weinberg covers the intersection of tech and cities. That means digging into how startups and big tech companies are trying to reshape real estate, transportation, urban planning, and travel. Previously, he reported on Bay Area housing and commercial real estate for the San Francisco Business Times. He received a "best young journalist" award from the National Association of Real Estate Editors.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *