The FBI has charged a Chinese national with using malicious software widely linked to a devastating hack of government databases that saw the personal information of millions of federal workers and contractors stolen.
Yu Pingan, a 36-year-old from Shanghai who uses the alias “GoldSun,” was arrested earlier this week after he flew into Los Angeles airport for a conference, according to CNN.
Court papers do not specifically mention the 2015 hacking of the Office of Personnel Management (OPM) that affected 20 million personnel records including sensitive personal data in some cases gathered from background checks.
But an investigator accused Yu of distributing the “rarely-used Sakula malware” against several US companies between 2012 and 2014 — the same software that numerous internet security blogs, citing an FBI advisory made available to private firms, have linked to the subsequent OPM breach.
Then national intelligence director James Clapper called Beijing “the leading suspect” in the cyber attack.
According to the investigator’s affidavit, “seized communications show that Yu was warned that he could get in trouble for supplying malicious software and, in particular, that he could get in trouble with the FBI for his involvement in compromising US computer networks.”
It was the second high-profile arrest of an alleged hacker in the United States this month after British computer security researcher Marcus Hutchins was held on charges of creating malware to attack banks.
