Mysterious Hacking Group Has Had Access to Government Records for Years
Earlier in April, the FBI warned that a group of foreign government-backed hackers known as APT6 has been compromising commercial and governmental networks and stealing information from them since 2011. This surprising news came in an alert the agency issued, which stated that these groups are continuing their activities even after it was discovered that a group believed to be working for the Chinese government had been infiltrating government information for over a year. It is believed that this group had access to the computer systems of the U.S. government's Office of Personnel Management (OPM). During this time, the hackers had access to, and are believed to have stolen, extremely sensitive data belonging to government workers and spies. The number of people affected by this breach is believed to be several million.
Hacking Command Centers Disbanded
In this latest alert, the FBI published a lengthy list of websites the hackers used as command centers to launch phishing attacks, with which the group intended to obtain sensitive information. According to the FBI, the domains used by the hackers were suspended in December 2015. It is not clear from the alert, though, whether those hackers had been forced out of the networks they had infiltrated or were still lurking within them.
APT6 Has a Long History
It is believed that APT6 is one of the earliest APT groups and that its origins go much further back than 2011. Many sources believe the hacker group has been in existence since at least 2008. One expert, Kurt Baumgartner, a researcher from Kaspersky Labs, a Russian firm that specializes in security, declined to name APT6 as a hacker group backed by the Chinese government. He did note, however, that their interests line up with those of that government.
Other Security Groups Weigh In
Another IT security company, FireEye, noted that the domains the FBI listed as being involved are ones known to be connected with APT6. Kyrk Storer confirmed that such websites were used by APT6 to gain backdoor access to sensitive information. He also noted that the group targeted the industrial defense bases of both the UK and the US. He said that APT6 is probably a group of hackers sponsored by the Chinese government, though they have likely been dormant for a few years.