Hackers from China are no strangers to American IT infrastructure. According to a New York Times report published on July 9, Chinese hackers were able to infiltrate the Office of Personnel Management, which is the U.S. government agency that houses information on federal government employees.
According to the report, the attack occurred in March of this year and was subsequently detected and blocked by federal authorities. It is not clear how long the Chinese hackers had access, or how much information they might have obtained. While the report cites China as the source of the attack, it is not clear if the attack is directly connected to or sponsored by the government of China.
The New York Times itself is no stranger to hackers from China. Back in January 2013, Chinese hackers infiltrated the networks of the New York Times and The Wall Street Journal.
There are also multiple known and attributed attacks from China that were sponsored and performed by members of the Chinese Army. In February 2013, security firm Mandiant first disclosed the activities of Chinese People’s Liberation Army (PLA) Unit 61398, which was attacking the United States.
The U.S government itself is well aware of attacks from China that are sponsored by the PLA and has aimed to take legal action against those responsible. On May 19, U.S. Attorney General Eric Holder announced an indictment naming Chinese military officers attached to the Chinese PLA Unit 61398 as being allegedly responsible for attacking U.S. companies.
The May indictment specifically identifies an eight-year period from 2006-2014 during which attacks took place against multiple American companies. Even more recently—on June 9—security firm CrowdStrike revealed yet another campaign coming from China targeting the United States. CrowdStrike called the new effort “Putter Panda” and identified the group as being part of the PLA.
In regard to the newly reported Chinese campaign against the U.S. Office of Personnel Management, Adam Meyers, vice president of intelligence at CrowdStrike, wasn’t too surprised at the disclosure.
“I was more alarmed than surprised; the Chinese threat actors are aggressive and numerous,” Meyers told eWEEK.
From what Meyers can tell at this point, the newly reported Chinese attack is not directly related to the CrowdStrike-discovered Putter Panda campaign.
“This would not be consistent with Putter Panda tasking,” Meyers said. “This would be more consistent with other adversaries out of China. We track over 10 different Chinese adversary groups who target various Western governments.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.