US federal employee payroll center also affected by SolarWinds attack

The National Finance Center (NFC), a federal agency that manages compensation for federal employees, is among the victims of the SolarWinds cyberattack, Reuters reports. The discovery raises concerns that the data of thousands of federal employees has been compromised by a group of Chinese hackers.

Data from 600,000 employees

The potential impact of this attack could be “huge,” former Washington security officials said. Indeed, the NFC is responsible for several government agencies, such as the FBI, the State Department, the Department of Homeland Security and the Treasury Department.

On its website, the NFC says it provides payroll services to more than “600,000 federal employees.” The information held by this public agency includes employee social security numbers, personal telephone numbers and email addresses, as well as certain bank details.

This information could “enable enemy countries to learn more about US officials, thereby improving their intelligence gathering capabilities,” warned Tom Warrick, a former senior official in the US Department of Homeland Security.

Separate attacks

But the software flaw exploited by the cybercriminals is not the same one used against customers of SolarWinds’ Orion suite. A few weeks ago, Microsoft announced in a blog post that a second group of hackers had targeted SolarWinds products with malware called “Supernova”. However, according to Reuters, this is the first time that this parallel attack has been attributed to Chinese hackers.

For now, it is impossible to know how many organizations have been targeted or affected by this campaign of cyberattacks. The only information given by the people contacted by Reuters is that the hackers are supported by Beijing. The Chinese Foreign Ministry rejected the allegation, saying that the attribution of a cyberattack was “a complex technical question” and that any accusation must be supported by evidence. “China opposes and fights all forms of computer attack,” reads a press release.

SolarWinds tries to reassure

The news agency asked the Texas-based company SolarWinds about this revelation. It replied that it was aware of only one customer who had been compromised by the second group of hackers. The company added that the attackers did not gain access to its internal systems and that it released an update to fix the flaw last December.

Although the two waves of cyberattacks overlap and both targeted U.S. federal entities, the operations are quite separate, the sources say. While the Russian hackers entered the SolarWinds network and inserted a backdoor into Orion’s updates, the Chinese group exploited a separate flaw in the software suite to spread into already compromised networks.

Gregory Touhill, former US Federal Director of Information Security under Barack Obama, explained that it was not unusual for separate groups of cybercriminals to target the same software. “It wouldn’t be the first time you’ve seen a nation-state actor surf behind someone else, it’s like ‘drafting’ in NASCAR (motor racing management body, editor’s note),” he said, referring to motor racing, where one racing car gains an advantage by closely following the lead of another.
