The SolarWinds hack, which targeted US government agencies and corporations, has been one of the most significant cyberattacks in recent history. While Russia has been identified as the primary suspect behind the attack, China has also been linked to the incident through a number of sources.
In this article, we will explore the various sources that have pointed to China’s potential involvement in the SolarWinds hack.
APT10 or Stone Panda
The Advanced Persistent Threat group 10 (APT10), also known as Stone Panda, is a Chinese cyber espionage group that has been active since at least 2010. The group is believed to have been behind a number of high-profile cyberattacks, including the theft of sensitive data from the US Navy and the hacking of companies involved in the manufacture of semiconductors.
According to a report by cybersecurity firm FireEye, APT10 has targeted organizations in a range of industries, including healthcare, telecommunications, and engineering. The report also noted that APT10’s activities were consistent with those of a state-sponsored group.
In the case of the SolarWinds hack, APT10 has been identified as a possible suspect by a number of sources. According to a report by the cybersecurity firm Volexity, the SolarWinds hackers used tools and techniques that were similar to those used by APT10 in previous attacks.
In addition, a report by the cybersecurity company Secureworks noted that APT10 had previously targeted SolarWinds’ software. The report suggested that the group may have gained access to SolarWinds’ source code, which would have allowed them to insert a backdoor into the software.
While these reports do not provide definitive evidence of China’s involvement in the SolarWinds hack, they do suggest that APT10 should be considered a possible suspect.
Supply Chain Attacks
One of the key methods used in the SolarWinds hack was a supply chain attack. This type of attack involves targeting a third-party vendor that provides software or services to the target organization. By compromising the vendor, the attackers are able to gain access to the target organization’s networks and systems.
In the case of the SolarWinds hack, the attackers targeted SolarWinds’ Orion software, which is used by many of its customers to manage their IT networks. By compromising SolarWinds’ software, the attackers were able to gain access to the networks of SolarWinds’ customers, including several US government agencies.
While the exact details of how the attackers compromised SolarWinds’ software are not yet known, some experts have suggested that the attackers may have targeted SolarWinds’ supply chain in order to gain access to the software.
According to a report by the cybersecurity company Cybereason, China has a history of conducting supply chain attacks. The report noted that Chinese hackers have previously targeted software vendors in order to gain access to the networks of their customers.
The report also noted that China has a particular interest in targeting US government agencies and contractors, and that the SolarWinds hack would have provided the attackers with access to a wealth of sensitive information.
Cyber Espionage
China has a long history of engaging in cyber espionage, particularly against the US government and US-based companies. The Chinese government is believed to use cyber espionage for economic and strategic purposes, stealing intellectual property and other sensitive information in order to gain a competitive advantage.
In recent years, China has been linked to a number of high-profile cyberattacks, including the theft of data from US defense contractors and the hacking of companies involved in the manufacture of semiconductors.
According to a report by the cybersecurity firm Mandiant, China has been linked to more than 90% of cyber espionage cases. The report noted that Chinese hackers have targeted a range of industries, including healthcare, aerospace, and defense.