2.8 C
New York
Saturday, November 23, 2024

SolarWinds: Chinese suspected of attacking US tax authorities

Further attacks weigh on SolarWinds. Bruce Schneier criticizes that the company’s profit was generated by increasing the security risk.

SolarWinds is not getting out of the negative headlines. Just last week, the new SolarWinds boss had to admit that attackers had remained undetected in the company’s Office365 mail system for nine months. The Chinese are now suspected of attacking a US tax authority and stealing personal data from thousands of employees.

Russian hack was just the beginning
In December 2020, attacks on various US authorities became public. The Russian-sponsored group, which is also said to be responsible for the successful break-in at the IT security company FireEye, used infected updates for the Orion network management software from SolarWinds as an attack tool. They channeled this, provided with a valid digital SolarWinds signature, to the company’s update server and from there to the target systems.

Last week, a Trustwave employee discovered three vulnerabilities in SolarWinds products. Two of them, including the most dangerous, remotely exploitable, concern the Orion platform; another is in the FTP server software Serv-U FTP. SolarWinds has already released urgent updates to close the dangerous gaps .

Then the new SolarWinds CEO Sudhakar Ramakrishna, who only took office in January 2021, had to admit in an interview with the Wall Street Journal that attackers were able to hack the internal Office365 mail system as early as December 2019 and gain access to an account. From there, they compromised other mail accounts. According to Ramakrishna, these processes will be further investigated. Only dozen of victims have been officially identified so far, but the attacks could affect up to 18,000 of SolarWinds customers.

China under suspicion

Reuters is now reporting another cyber attack on the National Finance Center, the US Department of Agriculture’s finance agency . This should use other methods than the previous attacks, but also exploit loopholes in the SolarWinds network software . The attackers allegedly used infrastructures and methods that were previously used in other attacks supported by the Chinese government.

The attack on the US tax authorities could affect the data of thousands of employees. This includes social security numbers, phone numbers, personal email addresses, and bank account information. The “National Finance Center” claims to be responsible for the salaries of more than 600,000 employees.

The recent attack on Orion network management software has led the well-known IT security expert Bruce Schneier to criticize SolarWinds : “This horrific IT security is the result of a conscious company decision to reduce costs in favor of short-term profits. SolarWinds increased its profits by increasing it the security risk and then passed that risk on to its customers without their knowledge or consent. “

Dave Triplett
Dave Triplett
Dave is a passionate sports journalist with a knack for capturing the excitement and drama of athletic competition. He has a keen eye for player dynamics, team strategies, and the evolving landscape of sports culture. His articles blend statistical insights with compelling narratives, providing readers with comprehensive coverage and behind-the-scenes perspectives on their favorite athletes and teams.

Latest Posts

Don't Miss

Stay in touch

To be updated with all the latest news, offers and special announcements.