Second SolarWinds Hack Deepens Fears
It appears that not only Russia but also China targeted the company, a reminder of the many ways interconnectedness can go wrong.
IT'S BEEN MORE than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia wasn't alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.
SolarWinds patched the vulnerability in December that the alleged China hackers exploited. But the revelation underscores the seemingly impossible task that organizations face in dealing with not only their own security issues but also potential exposure from the countless third-party companies they partner with for services that range from IT management to data storage to office chat. In today's interconnected landscape, you're only as strong as your weakest vendor.
Read the full article from Wired here:https://www.wired.com/story/solarwinds-hack-china-usda/