WASHINGTON: Suspected Chinese hackers exploited a flaw in software made by SolarWinds to help break into US government computers last year, five people familiar with the matter told Reuters, marking a new twist in a sprawling cybersecurity breach that US lawmakers have labeled a national security emergency.
Reuters was not able to establish how many organisations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.
Although the two espionage efforts overlap and both targeted the US government, they were separate and distinctly different operations, according to four people who have investigated the attacks and outside experts who reviewed the code used by both sets of hackers. Former US chief information security officer Gregory Touhill said separate groups of hackers targeting the same software product was not unusual."It wouldn't be the first time we've seen a nation-state actor surfing in behind someone else, it's like 'drafting' in NASCAR," he said, where one racing car gets an advantage by closely following another's lead.
Source: Tech Daily Report (techdailyreport.net)