Per the Wall Street Journal on Feb 3 2021, attackers were in SolarWinds’ Office 365 email system from at least December 2019, using one account to compromise others, and leapfrogging on. That’s a lot of time to ingest a lot of details from those emails.
Per Reuters on Feb 2 2021, Chinese hackers used SolarWinds to spy on US payroll. Thus is a different software issue than the Russians are believed to have used. They were – wait for it – in there at the same time.
We know how damn good China is at cyber espionage – think of many major US breaches they have been behind. This impacts the National Finance Center NFC, responsible for handling the payroll of the FBI, DHS, State Dep’t, for a total of 160 agencies and 600k federal employees. I think that was the sound of the other shoe dropping.