Wednesday, February 3, 2021

Reuters: A second SolarWinds vulnerability

Chinese hackers may have exploited a second vulnerability in SolarWind's Orion platform to gain access to the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, according to Reuters. The intrusion apparently occurred independently of the Russian hackers who gained access to hundreds of U.S. government and Fortune 1000 networks.


It is not clear yet how many other organizations may have been impacted by this second attack vector. SolarWinds has not yet commented on the matter.

https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8