Hackers who stole sensitive background and security clearance information from millions of federal employees may have also infiltrated another federal agency, Nextgov has reported.
The National Archives and Records Administration (NARA) reportedly detected “indicators of compromise” on three of its computers when files were found out of place, although there was no evidence that the hackers had obtained administrative access to NARA’s systems.
“OPM [Office of Personnel Management] isn’t the only agency getting probed by this group,” John Prisco, president of security provider Triumphant, told Nextgov. “It could be happening in lots of other agencies.”
The massive breach of OPM’s database at the hands of Chinese hackers — discovered earlier this month — is the seventh time hackers have tried to steal national security-sensitive or federal personnel information over the past year, according to Nextgov.
Administration officials are now admitting that the attack may have affected more than 18 million people — 14 million more than was initially reported — including federal employees and those who merely applied for, but have never actually held, a government job.
FBI Director James Comey reportedly disclosed the 18 million estimate to Senators in a private briefing last week, using the OPM’s own internal data, CNN reported.
The higher figure makes sense given recent revelations that hackers who infiltrated OPM had access to the agency’s security clearance computer system for over a year, giving them ample time to steal as much information as possible from OPM’s database of military and intelligence officials, the Washington Post reported.
Specifically, the hackers reportedly gained administrative access to OPM’s database, which allowed them to impersonate the administrators who run the agency’s systems.
This, in turn, gave the cyber thieves unrestricted access to employees’ and applicants’ SF86 forms, one of the most extensive national security questionnaires in existence.
The hackers’ ability to remain embedded in government systems undetected means that it may be months or even years before the full extent of the breach — and how many agencies were affected — is fully known.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider, citing research published in a 2013 Mandiant report that tracked high-profile Chinese hacking groups.
“They are really good at what they do, and when they break into something it’s not just smash and grab,” Wuergler said.