Two Groups of Chinese Hackers Behind Breach of Millions of US Employees Information

June 10, 2015 Updated: June 10, 2015

There were allegedly multiple hacker groups behind the recent cyberattack that stole records of four million U.S. government employees.

The attack was carried out by two groups of Chinese state-sponsored hackers, including one tied to the Chinese military, according to The Washington Free Beacon, which cites unnamed security analysts familiar with the breach.

The cyberattack targeted the U.S. Office of Personnel Management (OPM), which holds records on federal employees and handles their security clearances. OPM and the FBI revealed the breach on June 4, yet OPM said the attack was first detected in April.

While the U.S. government has not officially blamed the Chinese regime for the attack, its fingerprints are all over it. The Chinese regime had launched cyberattacks against OPM in March 2014, in a failed attempt to access the same data that was recently compromised.

Security experts believe the Chinese regime will use the stolen data as a blueprint to get security access for its own spies, or to compromise current U.S. government employees.

Others point to a growing trend, suggesting the Chinese regime is trying to build a database on Americans. The Washington Free Beacon notes one of the hacker groups in the recent attack is tied to the “Deep Panda” group uncovered in November 2014, which has been targeting governments, financial and legal offices, and the telecommunications industries.

Deep Panda was also tied to the breach of health insurance company Anthem, where the hackers stole social security numbers and private information on 80 million Americans.

The hackers who launched the recent cyberattack on OPM used the same tools as the hackers who breached Anthem, according to The Washington Free Beacon. They used a known Remote Access Trojan (RAT) called Sakula. RATs are tools that allow hackers to remotely access, and gain control over, infected systems.

Follow Joshua on Twitter: @JoshJPhilipp