Suspected Chinese hackers breach US payroll agency using SolarWinds vulnerability

 


A US federal payroll agency was targeted by suspected Chinese hackers who exploited a SolarWinds flaw in a separate hack unrelated to a security breach at SolarWinds reported last year.

Citing sources familiar with the matter, Reuters reported that the hackers used the vulnerability within SolarWinds software to compromise networks of US government agencies, including the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency.

NFC provides human resources and payroll services to over 160 federal agencies and over 650,000 federal employees.

The software flaw exploited by the suspected Chinese hackers is separate from the vulnerability leveraged by a suspected Russian state-backed group to compromise the update mechanism of the Orion software and deploy the Sunburst backdoor on SolarWinds customers' systems.

Sources who spoke to Reuters on the condition of anonymity said the hackers used tools that have been previously associated with state-supported Chinese cyber operations.

Reuters said it was not able to determine how many organizations were compromised by the suspected Chinese operation, or what data was stolen from the National Finance Center (NFC). Records held by the NFC include federal employee social security numbers, phone numbers and personal email addresses as well as banking information, Reuters said.

According to the sources, while the two cyber espionage operations targeted US government agencies, they were separate campaigns with different goals. The alleged Russian hackers compromised the SolarWinds network and inserted malicious code in Orion software updates, which were then sent to customers. The suspected Chinese threat actor exploited a separate bug in Orion's code to spread across networks they had already compromised.

The Chinese foreign ministry said in a statement that attributing cyber attacks was a “complex technical issue” and any allegations should be supported with evidence.

“China resolutely opposes and combats any form of cyberattacks and cyber theft,” it said.
