A Chinese national visiting the United States was arrested at Los Angeles International Airport and accused of supplying malware that has been linked to the theft of security clearance records of US government employees. According to the federal complaint, Yu Pingan provided versions of a malware program known as Sakula to two men who carried out intrusions against private firms. Those attacks targeted several companies in the energy and aerospace industries, including a US turbine manufacturer and a French aircraft supplier.
The Sakula malware program was also implicated in the hacking of the US Office of Personnel Management (OPM) in 2014. That breach was among the largest in US government history and is estimated to have compromised the personnel records of up to 21.5 million present and former government employees. Included in that hack were SF-86 forms that employees had submitted for background checks, which contain sensitive personal information, as well as 5.6 million sets of fingerprints.
The culprits behind the OPM hack were never positively identified, though suspicion fell on the Chinese government. The federal complaint does not link Yu Pingan's arrest to the OPM attack, but the fact that the same malware family was used in both the industrial espionage intrusions and the OPM breach makes it likely that investigators will now be able to trace the source of the software used to compromise OPM's records and begin to identify the attackers.