Economist Matt Stoller writes about this: ![]() Two, SolarWinds’ terrible security is the result of a conscious business decision to reduce costs in the name of short-term profits. Two takeaways: One, we are learning about a lot of supply-chain attacks right now. While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies. ![]() Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised. Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. ![]() ![]() At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor - believed to be Chinese in origin - was using an already existing vulnerability in Orion to penetrate networks:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |