Report: ‘Captain America,’ ‘Iron Man’ behind OPM hack

The Chinese hackers who breached the Office of Personnel Management last year used superhero names out of the Marvel Comics universe, according to a congressional report released Wednesday.

The hackers first registered the domain “opmsecurity.org” to “Steve Rogers, a.k.a. ‘Captain America,’” in April 2014, according to investigators on the House Oversight Committee. The name was later used as a “command and control” domain to direct malware in the agency’s systems.

A second domain, “opmlearning.org,” was registered to Tony Stark, Iron Man’s alter ego, in July 2014. Report authors found it was Iron Man who ultimately completed the mission after OPM officials detected Captain America and believed they had removed him through an operation dubbed “the Big Bang.”

“As the agency monitored Hacker X1’s movements throughout the network, it noticed Hacker X1 was getting dangerously close to the security clearance background information,” investigators wrote, using another name for the group that made the initial infiltration.


“The agency was confident the planned remediation effort … eliminated Hacker X1’s foothold on their systems. But Hacker X2, who had successfully established a foothold on OPM’s systems and had not been detected due to gaps in OPM’s IT security posture, remained in OPM’s system post-Big Bang,” authors added.

Investigators noted that executives at Cylance, a security firm contracted to help OPM clean up the mess, wrote at the time that the amount of malware in the agency’s systems “lit up” their detection tools “like a Christmas tree.”

The breach led to the exfiltration of personnel data on 22.1 million government employees, including 5.6 million sets of fingerprints, by hackers linked to the Chinese government.
