with Aaron Schaffer

The FBI is reportedly looking at hackers with Chinese ties as the culprits behind another hack of software company SolarWinds. 

Christopher Bing, Jack Stubbs, Raphael Satter and Joseph Menn at Reuters report that the suspected Chinese hackers used a vulnerability to get into a federal government payroll agency covering 600,000 employees, including those working at intelligence agencies. 

This is sure to escalate concerns in Washington about the extent to which foreign actors have accessed government systems undetected through weaknesses in software bought by the government. 

It's unclear whether hackers actually accessed personal data, such as Social Security numbers and banking information, from the system. But access to such data could plant the seeds for espionage and blackmail.

Security researchers previously confirmed that a separate hacking group was exploiting SolarWinds at the same time as Russian operatives, but Reuters is the first to report the China connection. Russian hackers infiltrated at least eight government agencies using a different vulnerability found in SolarWinds software.

A spokesman for the U.S. Agriculture Department, which houses the payroll agency, denied it was affected by the SolarWinds breach. The FBI declined to comment to Reuters. The Chinese foreign ministry said it opposes cyberattacks and threats. 

Lawmakers are already weighing in. From Sen. Richard Blumenthal (D-Conn.):

State Department press secretary Ned Price told reporters yesterday that intelligence officials are still investigating the Russian hack of SolarWinds alongside other Russian aggressions.

SolarWinds is still investigating the extent of hackers' access to its own systems. 

The company now believes that hackers had accessed an Office 365 account belonging to the company as early as December 2019, chief executive Sudhakar Ramakrishna told Robert McMillan at The Wall Street Journal. 

“That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised,” he said. The company has not confirmed if that was the original source of the breach.

Microsoft is one of the confirmed victims of the SolarWinds breach.

About 30 percent of the hackers’ victims had no direct connection with SolarWinds itself, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, recently told The Wall Street Journal. Officials have not named the other software used by hackers, adding to uncertainty about the fallout of the hack.

The payroll hack isn't the only supply chain security concern sparked by China.

Intelligence officials released a report this week warning about the risks of Chinese coronavirus testing kits. Senate Republicans wrote to the Health and Human Services watchdog last week urging her to investigate testing kits purchased by the agency from a Chinese company "in light of documented concerns from the intelligence community."

A CISA official working on the coronavirus response recently said the agency is working around the clock to prevent foreign and criminal hackers from manipulating the country's coronavirus supply chain.

More than a dozen Republican members of the House Homeland Security Committee wrote to President Biden's national security adviser, Jake Sullivan, calling for a briefing on how the administration will handle supply chain and intelligence threats from China.

Biden intends to sign an executive order to review U.S. supply chains involving suppliers from foreign competitors, with a focus on coronavirus efforts, both The Financial Times and Reuters reported.

The White House did not respond to a request for comment. Biden is scheduled to give his first major speech on U.S. foreign policy on Thursday.

The keys

South Sudan bought Israeli spy equipment, Amnesty International says.

The technology, which was purchased by the country’s intelligence agency from an Israeli subsidiary of U.S. company Verint Systems, is raising fears about the proliferation of Israeli surveillance in the region. 

In a report about the country’s surveillance, Amnesty International wrote that it is “concerned that Verint’s sale of surveillance equipment for use by the Government of South Sudan may have contributed to human rights violations by the [government] in a country without laws to safeguard civilians against unchecked surveillance.”

Amnesty International previously called on Israel to strip NSO Group, a controversial spyware company, of its export license. An Israeli court rejected the request.

Top Pentagon nominee says it would not be “wise” to split NSA and Cyber Command.

Kathleen Hicks, Biden’s nominee for deputy defense secretary, told Sen. Mike Rounds (R-S.D.) that now is not the time to split them up.

“I don’t have a position on the ultimate disposition of the dual-hat arrangement for Cybercom and NSA,” Hicks said. But she says in light of the recent SolarWinds hack, “we are not at a maturation point now with Cybercom that makes an end to the dual-hat arrangement wise in the immediate [future].”

Critics have for years accused the arrangement of imposing military objectives on the intelligence agency. President Barack Obama tried to end the arrangement at the end of his tenure but the Trump administration opted to keep it.

Senate confirms Alejandro Mayorkas as homeland security secretary.

Mayorkas has a host of crises to deal with, and the cyberattack on SolarWinds and other U.S. companies is at the top of the list. His confirmation has been celebrated by lawmakers eager for answers on the breach. 

“Mr. Mayorkas is a seasoned DHS veteran with bipartisan support who has the experience and background we need right now,” House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) said in a statement. “His extensive work on immigration, cybersecurity, and counterterrorism issues make him uniquely qualified to ensure the country remains resilient and secure.”

Mayorkas was confirmed in a 56-to-43 vote. Republicans opposing his confirmation have expressed concerns with his views on immigration policy.

Industry report

Researchers unveil more SolarWinds vulnerabilities.

The vulnerabilities would have allowed hackers to gain high-level control over the software, researchers at Trustwave said. There's no evidence that hackers exploited the recent vulnerabilities. 

The newly announced vulnerabilities were addressed through a patch last week, while a fix to other vulnerable SolarWinds software is being rolled out today, the company said. 

In a statement, the company said that following the cyberattack on it and other U.S. companies, “we have been collaborating with our industry partners and government agencies to advance our goal of making SolarWinds the most secure and trusted software company.” 

Cyber insecurity

Attackers are targeting teachers by email.

The email compromise attack is hitting K-12 teachers, Microsoft Security Intelligence says:

They’ve been trying to get the teachers to purchase gift cards for them. But the emails often come from free email services and use the coronavirus as a “lure”:

Daybook

  • The House Energy and Commerce Committee holds a hearing on fighting fraud and scams amid the coronavirus pandemic on Thursday at noon.
  • Chris DeRusha, President Biden’s new federal chief information security officer, speaks at the “Identity, Authentication, and the Road Ahead” virtual conference, which is being held on Thursday and Friday. 
  • Anne Neuberger, the deputy national security adviser for cyber and emerging technology, speaks at a meeting of the National Security Telecommunications Advisory Committee on Feb. 10 at 1 p.m. Registration for the free meeting is due Wednesday at 5 p.m.

Chat room

Microsoft Security had this great question for cybersecurity Twitter:

Predictably, this was posted several times, including by Christina Morillo, an information security expert at Marqeta:

And Guardicore's Amit Serper had this to say:

Secure log off

Things aren't going well for voting machine conspiracy theorists: