Suspected Chinese hackers exploited a flaw in SolarWinds Corp’s software to break into U.S. government computers last year, five people familiar with the matter said.
The latest revelation marked a new twist in a sprawling cybersecurity breach that U.S. lawmakers have labeled a national security emergency.
Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.
The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.
Security researchers have previously said a second group of hackers was abusing SolarWinds’ software at the same time as the alleged Russian hack, but the suspected connection to China and ensuing U.S. government breach have not been previously reported.
The Chinese foreign ministry said attributing cyberattacks was a “complex technical issue” and any allegations should be supported with evidence.
SolarWinds said it was aware of a single customer that was compromised by the second set of hackers but that it had “not found anything conclusive” to show who was responsible.
The company added that the attackers did not gain access to its own internal systems and that it had released an update to fix the exploited software bug in December.
A USDA spokesman acknowledged a data breach had occurred but declined further comment. The FBI declined to comment.
Although the two espionage efforts overlap and both targeted the U.S. government, they were separate and distinctly different operations, according to four people who have investigated the attacks and outside experts who reviewed the code used by both sets of hackers.
While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.
The side-by-side missions show how hackers are focusing on weaknesses in obscure but essential software products that are widely used by major corporations and government agencies.