US payroll agency targeted by Chinese hackers: report

A federal payroll agency was targeted by suspected Chinese hackers who exploited a flaw within SolarWinds software, Reuters reported Tuesday, citing five people familiar with the matter.

The news service reported that two people briefed on the case said that FBI investigators identified the National Finance Center, the payroll agency within the Department of Agriculture (USDA), as one of the organizations impacted, potentially putting thousands of government employees at risk.

A USDA spokesman initially told Reuters that it had “notified all customers (including individuals and organizations) whose data has been affected by the SolarWinds Orion Code Compromise.” In a follow-up statement, the agency said that the National Finance Center was not hacked and that “there was no data breach related to Solar Winds” at the agency.

In response to The Hill’s request for comment, a USDA spokesperson said there was currently no evidence to indicate that data had been breached at the National Finance Center. The spokesperson added that it had notified customers in December of the removal of SolarWinds Orion products following reports of a breach by Russian actors.

Sources who spoke to Reuters on the condition of anonymity said the hackers used tools that have been previously associated with state-supported Chinese cyber operations. 

The Chinese foreign ministry told the outlet that any reported cyberattack was a “complex technical issue.” 

“China resolutely opposes and combats any form of cyberattacks and cyber theft,” the agency said, adding that any hacking allegations should cite specific evidence.

The reported hacking appears to be the latest incident in what officials have labeled an ongoing national security crisis.

Reuters noted that the alleged breach is separate from the hack of SolarWinds software by Russian agents. Much of the federal government, including the Department of Homeland Security (DHS), was compromised in the Russian hacking, along with up to 18,000 domestic and international groups.

First discovered in December, the Russian-led breach was revealed to have lasted more than a year and has been labeled one of the largest cyber incidents in U.S. history. 

Researchers had previously warned of a potential second group infiltrating SolarWinds’s software, though Tuesday’s report from Reuters was the first to identify it as a suspected Chinese operation. 

Reuters added that it was not able to identify the exact number of organizations affected by the reported Chinese hacking. 

The report comes the same day the Senate officially confirmed Alejandro Mayorkas as the new DHS secretary. Mayorkas has indicated that he plans to make cybersecurity a key focus as he leads DHS, which includes the Cybersecurity and Infrastructure Security Agency. 

While Mayorkas received significant pushback from Republicans over concerns on immigration policy, the new secretary has attracted bipartisan support on cybersecurity, with House Homeland Security Committee ranking member John Katko (R-N.Y.) highlighting the SolarWinds breach in congratulating Mayorkas on his confirmation Tuesday. 

“On the heels of one of the most dangerous cyber-attacks our nation has seen, I would urge Secretary Mayorkas to work with Congress, across party lines, to close the troubling gaps in our nation’s cybersecurity posture,” Katko said in a statement.

Updated on Feb. 3 at 10:07 a.m.