Chinese hackers breached U.S. payroll agency via SolarWinds
Suspected Chinese state hackers compromised the Department of Agriculture’s National Finance Center (NFC) last year using a second “software flaw” in the SolarWinds platform, Reuters reports.
Why it matters: The Chinese-authored breach could represent a potentially catastrophic leak of sensitive personal information of U.S. government officials — information that China’s spy services will be keen to exploit for counterintelligence purposes.
- The flaw, which is unconnected to the massive Russian-authored compromise of SolarWinds, was used to penetrate the National Finance Center, or NFC, which is “responsible for handling the payroll of multiple government agencies, including several involved in national security, such as the FBI, State Department, Homeland Security Department and Treasury Department,” former officials told Reuters.
- It’s unclear how much data was potentially accessed or exfiltrated by the Chinese hackers, but “records held by the NFC include federal employee social security numbers, phone numbers and personal email addresses as well as banking information,” and the agency is responsible for maintaining payroll for over 600,000 federal employees, writes Reuters.
- The hackers “used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies,” sources told Reuters, leading investigators to attribute the breach to a Chinese state group.
Between the lines: The alleged NFC hack follows a well-established pattern for Chinese cyber operators, who have often focused on targeting large government and private-sector datasets that contain sensitive personal information.
- China’s spy agencies, often aided by China’s private technology companies, can then marry these datasets together and sift through them to identify potential U.S. intelligence officials, U.S. intelligence assets from China — or even potential recruitment targets for China’s own intelligence services.