A Chinese national has been arrested in Los Angeles on charges that include using a hacking tool linked to the cyber breach at the US Office of Personnel Management (OPM) in 2015.
About 22.1 million personal records, including 1.1 million fingerprints, were stolen in the attack, considered one of the worst breaches of US government computer systems to date.
Although the indictment filed against Yu Pingan does not mention the OPM breach, it alleges that he and unnamed co-conspirators in China acquired and used “rare” hacking tools, including one called Sakula that was used in the OPM breach, according to the Washington Post.
The Sakula malware has also been linked to other suspected computer system penetrations in the US.
US officials revealed that 36-year-old Yu, from Shanghai, was arrested on 21 August when he flew into Los Angeles International Airport.
He is accused of conspiracy to commit computer hacking in connection with at least four other alleged cyber intrusions at US companies between 2012 and 2014.
US officials hope the arrest will provide some more information about the OPM hack, which is widely believed to have been part of a China-based cyber espionage campaign.
In previous official reports on the OPM hack, the Deep Panda hacking group, which has links to the Chinese military, has been named as a likely culprit.
Yu’s court-appointed attorney, Michael Berg, said the defendant was a teacher with no affiliation with the Chinese government and that he had travelled to Los Angeles for a conference, reports Business Insider.
Yu remains in jail and is expected to appear in court next week.
Chinese authorities have repeatedly denied any involvement in the OPM attack. “The Chinese government takes resolute strong measures against any kind of hacking attack,” China’s foreign ministry said in a statement in 2015.