{"id":922,"date":"2021-02-03T18:19:19","date_gmt":"2021-02-03T12:49:19","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=922"},"modified":"2021-06-07T10:44:53","modified_gmt":"2021-06-07T05:14:53","slug":"us-federal-agency-got-hacked-using-solarwinds-software-attack","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/us-federal-agency-got-hacked-using-solarwinds-software-attack\/","title":{"rendered":"US Federal Agency Got Hacked Using SolarWinds Software Attack!"},"content":{"rendered":"\n

Federal Bureau of Investigation (FBI) discovered that the National Finance Center, an Untied States Department of Agriculture federal payroll agency got hacked by the SolarWinds backdoor attack.<\/p><\/p>\n\n\n\n

National Finance Center will provide the services of human resources and payroll to 170 federal agencies and about 650000 federal employees since 1973.<\/p><\/p>\n\n\n\n

What Occurs Accurately?<\/strong><\/h2>\n\n\n\n

The USDA confirms that the vulnerability was founded in NFC\u2019s system which is different from the one that was used by the Russian nation-state hackers while compromising the update mechanism of Orion Software and execute the Sunburst backdoor<\/a> attack on SolarWinds customer system.<\/p><\/p>\n\n\n\n

Both the security agencies the FBI and the USDA are not provided any information related to that data breach and what data is compromised, who is affected by it, and many more.<\/p><\/p>\n\n\n\n

\"US<\/figure><\/div>\n\n\n\n

Moreover, the USDA provided a statement that signifying that all the customers are notified whose data has been compromised by this data breach. After the investigation, the agencies are saying that the attackers behind these attacks are suspected to be part of a Chinese hacking group.<\/p><\/p>\n\n\n\n

Several experts also believed that the hacker behind this campaign is based out of China and they use the tools that were previously utilized in Chinese Counterattacks.<\/p><\/p>\n\n\n\n

How this Attached with Supernova?<\/strong><\/h2>\n\n\n\n

After the investigation, the experts said that the attacker is from China but they use the same security bug that was made and deploy by Supernova backdoor<\/a> on the system where the updates have been compromised.<\/p><\/p>\n\n\n\n

The vulnerability is the Solar-winds hack to be resolved and the investigation is still going on Sunburst and Supernova malware attack.<\/p><\/p>\n\n\n\n

Companies that haven\u2019t updated their system have used the scripts that were provided in the Solar-winds advisory that used to protect their system temporarily against the execution of the malware installed.<\/p><\/p>\n\n\n\n

In Supernova, attackers execute a DLL file that assists to establish a remote connection that is used to send, execute, compile various codes on the victim’s network.<\/p><\/p>\n\n\n\n

United States government also shares the list of targets that are affected by this attack.<\/p><\/p>\n\n\n\n