Sources Say US Data Breach Work of Chinese Intelligence


According to people with knowledge of the matter, the Chinese hacking group suspected of stealing confidential information about hundreds of thousands of former and current US government employees has a different organizational structure and mission from the military hackers accused of other data breaches in the US. While trade and defense secrets are the main focus of the Chinese People's Liberation Army, this group has repeatedly gained access to data that could be useful for Chinese internal stability and counter-intelligence. Washington has not publicly accused Beijing of orchestrating the data breach at the US Office of Personnel Management (OPM).

China itself has dismissed any suggestion that it carried out the attack as 'unscientific and irresponsible'. Sources said the hackers used a rare tool, called Sakula, for remotely taking control of computers; the same tool was used in another breach disclosed this year at the US health insurer Anthem Inc. Security researchers have in turn tied the Anthem attack to a group affiliated with China's Ministry of State Security, a ministry focused on counter-intelligence, government stability and dissidents.

In addition, US investigators believe the hackers registered a deceptive website, OPM-Learning.org, to capture employees' names and passwords. The same approach had been used against Anthem, previously known as Wellpoint: spurious websites such as We11point.com, which used the number '1' in place of the letter 'l', were set up to subvert it. Malicious software used in both the OPM and Anthem breaches had been electronically signed, and so appeared safe, with a certificate stolen from a Korean software company called DTOPTOOLZ Co. The Korean firm said that it wasn't involved in the breaches in any way.
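The two lookalike domains above illustrate how a defender can screen DNS or proxy logs for brand abuse. The following is an added example, not code from the article or from either investigation: it folds confusable characters (the '1'-for-'l' substitution) and flags hostnames that either imitate a protected brand label or reuse the brand name as a token of a foreign domain. The protected-domain list and sample hostnames are constructed, and the registrable-domain logic is a simplification.

```python
# Added example (not from the article): flag hostnames that imitate a protected
# brand, as We11point.com and OPM-Learning.org did. Brand list is constructed.
import re

# Substitutions seen in lookalike domains; the article's case is '1' for 'l'.
MULTI_CONFUSABLES = {"rn": "m", "vv": "w"}
SINGLE_CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "|": "l"})

# Constructed allowlist of domains the organisation legitimately operates.
PROTECTED = {"wellpoint.com", "anthem.com", "opm.gov"}
BRAND_TOKENS = {d.split(".")[0] for d in PROTECTED}   # wellpoint, anthem, opm

def normalize_label(label: str) -> str:
    """Fold confusable characters so that 'we11point' becomes 'wellpoint'."""
    label = label.lower()
    for src, dst in MULTI_CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.translate(SINGLE_CONFUSABLES)

def classify(host: str) -> str:
    """Return 'legitimate', 'homoglyph', 'brand-keyword' or 'none'.
    The registrable domain is approximated as the last two labels; a real
    deployment would consult the public suffix list (assumption)."""
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in PROTECTED:
        return "legitimate"
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    # 1) character substitution inside the second-level label (We11point.com)
    if sld not in BRAND_TOKENS and normalize_label(sld) in BRAND_TOKENS:
        return "homoglyph"
    # 2) brand name used as a whole token of a foreign domain (OPM-Learning.org)
    if set(re.split(r"[.-]", ".".join(labels))) & BRAND_TOKENS:
        return "brand-keyword"
    return "none"

def scan(hosts):
    """Classify each host and keep only the suspicious ones."""
    return {h: v for h in hosts if (v := classify(h)) not in ("legitimate", "none")}

# Constructed sample of hostnames as they might appear in DNS or proxy logs.
SAMPLE_HOSTS = ["www.wellpoint.com", "We11point.com", "OPM-Learning.org",
                "login.we11point.com", "shopmart.example", "opm.gov"]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_HOSTS).items():
        print(f"{host:24} {verdict}")
```

The token check deliberately requires the brand name as a whole hyphen- or dot-separated label, so unrelated names such as shopmart.example are not flagged.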

Individuals with knowledge of the investigation said that Sakula had been used by only a small number of Chinese hacking teams. The Chinese Foreign Ministry issued a statement saying that Chinese law forbids hacking attacks and other behavior that damages internet security, that China takes strong measures to prevent hacking attacks, and that it opposes baseless insinuations about the country. Nevertheless, most of the biggest cyberattacks in the US that were blamed on China have been attributed to elements of the Chinese military.

In the most dramatic case, the US Justice Department last year indicted five PLA officers for alleged economic espionage. Little information is available on the OPM hackers, and security researchers differ on the size of the group that carried out the attack and on which other attacks it is responsible for. People with knowledge of the OPM investigation said the same group was responsible for the Anthem attack and other security breaches, but they still aren't sure which part of the Chinese government is to blame. Security experts have said that so far the group is after personal information.
