EXECUTIVE SUMMARY:

Solarwinds’ vulnerabilities

Three new vulnerabilities have been identified in SolarWinds’ products. They were first noted by security experts in December of 2020, and shortly thereafter, were presented to SolarWinds’ staff.

While the company has addressed the vulnerabilities through software patching, they point to how easily hackers could have infiltrated products and systems.

SolarWinds and new suspects

The US Federal Bureau of Investigation recently discovered that the National Finance Center, which is responsible for federal payroll oversight, within the US Department of Agriculture, also experienced a SolarWinds-related breach. Officials and investigators are now concerned about compromised data that belongs to federal employees. Federal employees who may have been affected have received communications about the issue.

This attack appears unrelated to the initial SolarWinds attack. “This is separate from the broad and sophisticated attack that targeted multiple software companies as vectors,” stated a SolarWinds spokesperson.

Theories abounded regarding the initial SolarWinds suspects; the US publicly blamed at least one nation. However, this new piece of the SolarWinds picture has led experts to believe that other groups and adversaries may be behind the attack.

For more on this story, visit NBC News.