By now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company's customers. On Monday, researchers published evidence that hackers from China also targeted SolarWinds customers in what security analysts have said was a distinctly different operation.

The parallel hack campaigns have been public knowledge since December, when researchers revealed that, in addition to the supply chain attack, hackers exploited a vulnerability in SolarWinds software called Orion. Hackers in the latter campaign used the exploit to install a malicious web shell dubbed Supernova on the network of a customer who used the network management tool. Researchers, however, had few if any clues as to who carried out that attack.

On Monday, researchers said the attack was likely carried out by a China-based hacking group they've dubbed "Spiral." The finding, laid out in a report published on Monday by Secureworks' Counter Threat Unit, is based on techniques, tactics, and procedures in the hack that were either identical or very similar to an earlier compromise the researchers discovered in the same network.

Pummeled on more than one front

Tens of…
"Chinese hackers targeted SolarWinds customers in parallel with Russian op" has 304 words and was posted on arstechnica.com on March 9, 2021.