A hacker group, presumably from China, has compromised the computer systems of several US departments using another vulnerability in the SolarWinds software, Reuters reported, citing anonymous sources.
According to the agency, the attackers compromised the network of the National Financial Center (NFC) under the US Department of Agriculture, which, among other things, processes payroll records for employees of more than a hundred US government agencies, including the FBI, State Department, Department of Homeland Security and the Treasury. NFC-maintained records contain a variety of information, including federal agency employees' social security numbers, telephone numbers, personal email addresses, and banking information.
Reuters was unable to find out exactly what information fell into the hands of the hackers, or how deeply they penetrated the NFC systems. It is also not known which other departments may have been affected by the Chinese hackers' operation.
The vulnerability exploited by this group is reportedly unrelated to the bug used to compromise SolarWinds customers in last year's attacks, which Russian hackers were suspected of organizing. According to Reuters sources, the attackers used computer infrastructure and tools that were previously "spotted" in Chinese cyber-espionage campaigns.
SolarWinds said the company is aware of one case of customer compromise, but has found "nothing convincing" to indicate the involvement of any group. In this case, the hackers exploited the SolarWinds software installed on the customer's network. The company did not disclose exactly how the attackers got into the network, noting only that "this is not related to SolarWinds."
SolarWinds also noted that the attackers were unable to gain access to internal systems, and that the software vulnerability was fixed last December.
According to sources involved in the investigation of the attacks, although the two hacker groups carried out their operations at approximately the same time, they pursued different goals. While the alleged "Russian hackers" planted a backdoor in the SolarWinds Orion updates, the second group exploited a separate vulnerability to spread across already compromised networks.