US authorities have arrested a Chinese national for allegedly using a rare piece of malware linked to the massive 2014 US Office of Personnel Management (OPM) data breach that saw the theft of millions of American government employees' security clearance records.
The arrest was made at Los Angeles International Airport on Monday after Yu Pingan of Shanghai entered the US to attend a conference.
Pingan, 36, who goes by the hacker pseudonym "GoldSun", has been charged under the Computer Fraud and Abuse Act and has been accused of conspiring with two other Chinese nationals to deploy the malicious code dubbed Sakula – the same malware which was involved in the OPM hack in 2014 and the breach of health insurance firm Anthem in 2015, amongst others.
The OPM data breach, considered one of the worst cyberattacks targeting the US government, compromised the sensitive personal data of more than 22 million Americans who had applied for security clearance to work for the government.
The Anthem breach impacted the personal medical records of about 78.8 million current and former customers of the company.
According to an indictment filed in the US District Court for the Southern District of California on 21 August (Monday), Yu allegedly provided versions of the Sakula virus to the two unnamed men – who have not been arrested so far – knowing that it would be used to carry out the cyberattacks between 2010 and 2015.
The complaint did not specify the targeted companies but said they were based in Los Angeles, San Diego, Massachusetts and Arizona.
Security firm CrowdStrike's vice president Adam Meyers said the software flaws and one of the IP addresses cited in the complaint matched up with cyberattacks which had targeted US turbine manufacturer Capstone Turbine as well as a French aircraft supplier, according to Reuters.
Pingan has been charged with conspiring to hack into the computer networks of the US companies.
Michael Berg, Pingan's court-appointed attorney, said that his client was a teacher with no affiliation with the Chinese government and claimed he "has no involvement in this whatsoever".
Pingan will remain in jail with a court hearing on his detention scheduled for next week.
US officials had previously linked the OPM breach to China, and Chinese officials later admitted that the cyberattack was carried out by Chinese hackers. However, the officials denied that it was a state-sponsored operation.
Shortly before Chinese President Xi Jinping visited former US President Barack Obama in Washington in September 2015 and reached a landmark agreement that their governments would not commit cybercrimes against each other, the Chinese government claimed that a number of hackers had been arrested in the case.