Expert Insight On Latest Chinese Hackers Exploiting SolarWinds Bug

It was recently reported that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among organisations affected by the SolarWinds bug, fearing the date of government employees may have leaked. This exploitation is believed to be from Chinese group which is separate to the incident where United States balmed Russia for SolarWinds compromised

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Erlin
Tim Erlin , VP of Product Management and Strategy
InfoSec Expert
February 4, 2021 3:45 pm

<p><span lang=\"EN-US\">This attack seems to be an example of more traditional vulnerability exploitation. The attackers discovered a vulnerability in the software an organisation was running and exploited it. Their attack didn’t involve compromising the supply chain.</span></p> <p> </p> <p><span lang=\"EN-US\">While we’re all focused on the complexity of protecting against supply-chain attacks, it’s important to remember that there are still other software vulnerabilities out there that attackers might exploit. Unfortunately, we can’t shift our focus to the supply chain, we can only add it to the threat model as another avenue for attack to worry about.</span></p>

Last edited 1 year ago by Tim Erlin
1
0
Would love your thoughts, please comment.x
()
x