{"id":39922,"date":"2021-03-09T15:36:43","date_gmt":"2021-03-09T15:36:43","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32091\/Chinese-Hackers-Targeted-SolarWinds-Customers-In-Parallel-With-Russian-Op.html"},"modified":"2021-03-09T15:36:43","modified_gmt":"2021-03-09T15:36:43","slug":"chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op\/","title":{"rendered":"Chinese Hackers Targeted SolarWinds Customers In Parallel With Russian Op"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/solarwinds-800x534.jpg\" alt=\"Chinese hackers targeted SolarWinds customers in parallel with Russian op\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>By now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company\u2019s customers. 
On Monday, researchers published evidence that hackers from China also targeted SolarWinds customers in what security analysts have said was a distinctly different operation.<\/p>\n<p>The parallel hack campaigns have been public knowledge since December, when researchers revealed that, in addition to the supply chain attack, hackers exploited a vulnerability in SolarWinds software called Orion. Hackers in the latter campaign used the exploit to install a malicious web shell dubbed Supernova on the network of a customer who used the network management tool. Researchers, however, had few if any clues as to who carried out that attack.<\/p>\n<p>On Monday, researchers said the attack was likely carried out by a China-based hacking group they\u2019ve dubbed \u201cSpiral.\u201d The finding, laid out in a <a href=\"https:\/\/www.secureworks.com\/blog\/supernova-web-shell-deployment-linked-to-spiral-threat-group\">report<\/a> published on Monday by Secureworks\u2019 Counter Threat Unit, is based on techniques, tactics, and procedures in the hack that were either identical or very similar to an earlier compromise the researchers discovered in the same network.<\/p>\n<h2>Pummeled on more than one front<\/h2>\n<p>The finding comes on the heels of word that China-based hackers dubbed Hafnium are one of at least five clusters of hackers behind attacks that installed malicious web shells on <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack\/\">tens of thousands of Microsoft Exchange servers<\/a>. 
Monday\u2019s report shows that there\u2019s no shortage of APTs\u2014shorthand for advanced persistent threat hackers\u2014determined to target a wide swath of US-based organizations.<\/p>\n<p>\u201cAt a time when everyone is hunting for HAFNIUM webshells because of the Exchange zero-days we learned about last week, SPIRAL&#8217;s activity is a reminder that enterprises are getting pummeled on more than one front,\u201d Juan Andres Guerrero-Saade, principal threat researcher at security firm SentinelOne, said in a direct message. The report is \u201ca reminder of the diversity and breadth of the APT ecosystem.\u201d<\/p>\n<p>Counter Threat Unit researchers said they encountered Supernova in November as they responded to the hack of a customer\u2019s network. Like other malicious web shells, Supernova got installed after the attackers had successfully gained the ability to execute malicious code on the target\u2019s systems. The attackers then used Supernova to send commands that stole passwords and other data that gave access to other parts of the network.<\/p>\n<p>Secureworks CTU researchers already believed that the speed and surgical precision of the movement inside the target\u2019s network suggested that Spiral had prior experience inside it. Then, the researchers noticed similarities between the November hack and one the researchers had uncovered in August 2020. The attackers in the earlier hack likely gained initial access as early as 2018 by exploiting a vulnerability in a product known as the <a href=\"https:\/\/www.manageengine.com\/products\/service-desk\/?index\">ManageEngine ServiceDesk<\/a>, the researchers said.<\/p>\n<p>\u201cCTU researchers were initially unable to attribute the August activity to any known threat groups,\u201d the researchers wrote. 
\u201cHowever, the following similarities to the SPIRAL intrusion in late 2020 suggest that the SPIRAL threat group was responsible for both intrusions:\u201d<\/p>\n<blockquote>\n<ul>\n<li>The threat actors used identical commands to dump the LSASS process via comsvcs.dll and used the same output file path (see Figure 6).<br \/>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/figure-6.png\" class=\"enlarge\" data-height=\"96\" data-width=\"852\" alt=\"LSASS process dump from August 2020 using an identical command to the November 2020 incident.\"><img loading=\"lazy\" decoding=\"async\" alt=\"LSASS process dump from August 2020 using an identical command to the November 2020 incident.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/figure-6-640x72.png\" width=\"640\" height=\"72\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/figure-6.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">LSASS process dump from August 2020 using an identical command to the November 2020 incident.<\/div>\n<div class=\"caption-credit\">Secureworks<\/div>\n<\/figcaption><\/figure>\n<\/li>\n<li>The same two servers were accessed: a domain controller and a server that could provide access to sensitive business data.<\/li>\n<li>The same \u2018c:\\users\\public\u2019 path (all lowercase) was used as a working directory.<\/li>\n<li>Three compromised administrator accounts were used in both intrusions.<\/li>\n<\/ul>\n<\/blockquote>\n<p>The CTU researchers already knew that Chinese hackers had been exploiting ManageEngine servers to gain long-term access to networks of interest. But that alone wasn\u2019t enough to determine Spiral had its origins in China. 
The researchers became more confident in the connection after noticing that the hackers in the August incident accidentally exposed one of their IP addresses. It was geolocated to China.<\/p>\n<p>The hackers exposed their IP address when they stole the endpoint detection software Secureworks had sold to the hacked customer. For reasons that aren\u2019t clear, the hackers then ran the security product on one of their computers, at which point it exposed its IP address as it reached out to a Secureworks server.<\/p>\n<p>The naming convention of the hackers\u2019 computer was the same as a different computer that the hackers had used when connecting to the network through a VPN. Taken together, the evidence collected by CTU researchers gave them the confidence that both hacks were done by the same group and that the group was based in China.<\/p>\n<p>\u201cSimilarities between SUPERNOVA-related activity in November and activity that CTU researchers analyzed in August suggest that the SPIRAL threat group was responsible for both intrusions,\u201d CTU researchers wrote. 
\u201cCharacteristics of these intrusions indicate a possible connection to China.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39923,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9260],"class_list":["post-39922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentrussiachinaflawcyberwar"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39922"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39922\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39923"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}