US federal payroll agency hacked using SolarWinds software flaw

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report.

NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

The software vulnerability used to break into NFC’s systems is different than the one used by suspected Russian nation-state hackers to compromise the update mechanism of the Orion software to deploy the Sunburst backdoor on SolarWinds customers’ systems.

Read more…
Source: Bleeping Computer