Mysterious Hacking Group Has Had Access to Government Records for Years

Earlier in April, the FBI warned that a group of foreign government-backed hackers known as APT6 has been compromising commercial and governmental networks and stealing information from them since 2011. This surprising news, revealed in an alert the agency issued, indicated that these groups are continuing their activities even after it was discovered that a group believed to be working for the Chinese government had been infiltrating government information for over a year. That group is believed to have had access to the computer systems of the U.S. government's Office of Personnel Management (OPM). During this time, these hackers had access to, and are believed to have stolen, extremely sensitive data belonging to government workers and spies. The number of people affected by this breach is believed to be several million.


Hacking Command Centers Disbanded

In this latest alert, the FBI published a lengthy list of websites the hackers used as command centers to launch phishing attacks aimed at stealing sensitive information. According to the FBI, the domains used by the hackers were suspended in December 2015. It is not clear from the alert, however, whether those hackers had been forced out of the networks they had infiltrated or were still lurking within them.

APT6 Has a Long History

It is believed that APT6 is one of the earliest APT groups and that its origins go much further back than 2011. Many sources believe the hacker group has been in existence since at least 2008. One expert, Kurt Baumgartner, a researcher from Kaspersky Labs, a Russian firm that specializes in security, declined to name APT6 as a hacker group backed by the Chinese government. He did note, however, that their interests line up with those of that government.

Other Security Groups Weigh In

Another IT security company, FireEye, noted that the domains the FBI listed are known to be connected with APT6. Kyrk Storer confirmed that such websites were used by APT6 to gain backdoor access to sensitive information. He also noted that the group targeted the industrial defense bases of both the UK and the US. He said that APT6 is probably a group of hackers sponsored by the Chinese government, though they have likely been dormant for a few years.
