US Payroll Agency Targeted in Second SolarWinds Attack

Suspected Chinese state-backed threat actors exploited a SolarWinds Orion bug to compromise a US government payroll agency, a new report has claimed.

The campaign took place last year and was separate to the successful Russian cyber-espionage plot to spy on multiple government departments, five people familiar with the matter told Reuters.

Although the report was unable to clarify how many organizations were targeted, it claimed that the National Finance Center, a federal payroll agency inside the US Department of Agriculture, was one.

This alone could represent a serious national security risk, as the agency apparently handles personal and financial information on employees of the FBI, State Department, Homeland Security Department and Treasury Department, among others.

“Depending on what data were compromised, this could be an extremely serious breach of security,” former Department of Homeland Security official, Tom Warrick, told Reuters. “It could allow adversaries to know more about US officials, improving their ability to collect intelligence.”

Sources claimed that the attackers used hacking infrastructure and tools deployed in the past by Chinese state-backed threat groups. The Chinese government said in a statement that it opposes any cyber-attacks and urged those making the allegations to provide supporting evidence.

Unlike the Russians, who compromised an Orion update to gain a foothold in victim systems, among other tactics, these attackers were already inside victim networks when they exploited a bug in the software to move laterally, according to the report.

Infosecurity has reached out to SolarWinds for more comment on the case. However, it told the newswire that the vulnerability in question had been patched by December.