Expert Insight On Latest Chinese Hackers Exploiting SolarWinds Bug

It was recently reported that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among organisations affected by the SolarWinds bug, fearing the date of government employees may have leaked. This exploitation is believed to be from Chinese group which is separate to the incident where United States balmed Russia for SolarWinds compromised

Experts Comments

February 04, 2021
Tim Erlin
VP of Product Management and Strategy
Tripwire

This attack seems to be an example of more traditional vulnerability exploitation. The attackers discovered a vulnerability in the software an organisation was running and exploited it. Their attack didn’t involve compromising the supply chain.

 

While we’re all focused on the complexity of protecting against supply-chain attacks, it’s important to remember that there are still other software vulnerabilities out there that attackers might exploit. Unfortunately, we can’t shift our focus

.....Read More

This attack seems to be an example of more traditional vulnerability exploitation. The attackers discovered a vulnerability in the software an organisation was running and exploited it. Their attack didn’t involve compromising the supply chain.

 

While we’re all focused on the complexity of protecting against supply-chain attacks, it’s important to remember that there are still other software vulnerabilities out there that attackers might exploit. Unfortunately, we can’t shift our focus to the supply chain, we can only add it to the threat model as another avenue for attack to worry about.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.