These Chinese hackers exploited another critical vulnerability in SolarWinds software

Recent security reports mention the possibility of a second massive cyberattack deployed through SolarWinds, this time in charge of a China-based hacking group. Cybersecurity experts mention that supposedly Chinese hackers would have exploited a new flaw during the past supply chain attack, acting independently of the Russian hacking group that would have deployed this campaign.

On the target of this independent attack, Chinese News Asia mentions that the malicious campaign targeted the U.S. Department of Agriculture’s National Finance Center.

Although SolarWinds security teams confirmed that the flaw exploited by these hackers has already been fixed, cybersecurity experts mention that this is a clear sign that companies like SolarWinds remain vulnerable to multiple attacks.

The cybersecurity community mentions that, if companies like SolarWinds are vulnerable to such attacks, these flaws could compromise thousands of organizations that routinely turn to their solutions: “It’s really non-efficient to rely on third-party security,” says Katie Nickels of security firm Red Canary: “Thousands of organizations potentially exposed to an attack aren’t even aware of which SolarWinds solutions they’re using, this is a phenomenon that we detected in the aftermath of the supply-chain attack,” adds the specialist.

In this regard, SolarWinds mentions that the second exploited flaw is significantly different from that exploited by Russian threat actors in the supply chain attack. The company mentions that the flaw that Chinese hackers exploited could only be exploited once the Russians managed to compromise the affected systems.

Finally, experts mentioned that SolarWinds still depends on the use of Microsoft Windows systems, highly vulnerable to cybercriminal group activity, so rethinking this practice might be convenient to the current landscape.  The company is about two decades old but already has a large customer base, including multiple government agencies in the U.S. and the rest of the world.

This does not mean that SolarWinds solutions are the only ones exposed to these incidents. The cybersecurity community still warns of the severe risk that products developed by other companies will be compromised using similar attack variants, so any potential risks need to be addressed. If you want to know more information on vulnerabilities, exploits, malware variants, cybersecurity risks and information security courses, feel free to access the International Institute of Cyber Security (IICS) website.