The U.S. Office of Personnel Management (OPM) suffered a major setback with a data breach disclosed in 2015. The breach exposed the personal information of about 25.7 million Americans, and it was believed to have been carried out with a malware strain called Sakula.
In the wake of that incident, a Chinese national was arrested by the Federal Bureau of Investigation (FBI) on August 21, 2017. The 36-year-old Yu Pingan was alleged to be behind the distribution of the malware.
Sakula is a sophisticated remote access trojan (RAT) that gave the attackers remote control of compromised systems. It was known to be developed by a China-based advanced persistent threat group, APT19, also called Deep Panda.
The Chinese government, however, denied any involvement in the OPM breach. After the attack, it arrested a handful of suspected hackers within its own borders.
Nonetheless, Yu, who is from Shanghai, was arrested while attending a conference in Los Angeles. He was charged with creating the Sakula malware.
He was not, however, the only person tied to the hack. During the operation he was in close contact with two unnamed co-conspirators. Yu used the handle GoldSun, while the alleged co-conspirator(s) went by UCC.
An indictment was filed against Yu on the day of his arrest in the U.S. District Court for the Southern District of California. He was charged with one count under the Computer Fraud and Abuse Act and is also accused of conspiracy to defraud or commit an offense against the United States.
The FBI affidavit detailed the operation. It read: “Defendant Yu and co-conspirators in the PRC [People’s Republic of China] would establish an infrastructure of domain names, IP addresses, accounts with Internet service providers, and websites to facilitate hacks of computer networks operated by companies in the United States and elsewhere. Defendant Yu and co-conspirators in the PRC would use elements of that infrastructure and a variety of techniques, including watering hole attacks, to surreptitiously install or attempt to install files and programs on the computer networks of companies in the United States and elsewhere.”
Although the names of the victim companies were not revealed, there were said to be four, headquartered in Los Angeles, California; Massachusetts; Arizona; and San Diego, California. The attacks are said to have taken place between 2011 and 2014.
The OPM breach was one of the worst the U.S. had faced. It compromised the personal histories of current and former U.S. government employees and their spouses. The attackers stole sensitive data, including Social Security numbers, from the security clearance forms of 19.7 million individuals who had applied for background investigations, along with the records of 1.8 million non-applicants, mostly the spouses and partners of those employees.