Hackers Breach US Government, Sell Attack Source Code

Hackers responsible for stealing internal data and security credentials from US government employees are now offering to sell the source code of the malware used to breach those systems, according to researchers.

One of the hackers, previously linked to breaches of sites including LinkedIn and Twitter, is offering a previously unknown trove of more than 30,000 records on US government employees, which could be used in conjunction with the tools to launch further targeted attacks, the researchers said.

GovRat 2.0

The tool, called GovRat, went up for sale on black-market web marketplaces in mid-May and is an update to malware first identified late last year, said IT security firm InfoArmor in a new study.

The individual who developed GovRat, and who uses the pseudonyms “popopret” or “bestbuy”, seems to have distributed the malware to government and military staff using malicious code embedded in web pages or malicious advertisements, the study found.

In this way the attacker apparently stole a number of login credentials to US government servers, which were then listed for sale on black market sites including The Real Deal, InfoArmor said.

The tools used to collect the data are also being sold on The Real Deal and a secretive marketplace called Hell, according to the study.

New US government breach

The hacker appears to be linked to another individual who uses pseudonyms including “Peace of Mind” and “PoM”, and who has been linked to some of the most serious breaches of personal data in recent months, including troves stolen from LinkedIn, MySpace, Twitter, Tumblr and Russian site VK.com, in all more than 800 million records, according to InfoArmor.

“Peace of Mind” is now selling a trove of 33,000 records claimed to be those of US government employees and which can be used in conjunction with GovRat for the targeted delivery of malware.

The firm said it determined that most of the data appears to have been stolen from the US’ National Institute of Building Sciences (NIBS), which has members in the research, educational, government and military sectors.

“This database has over 33,000 users and their contact information from various government, military and educational organizations, along with stored passwords in hashed form,” wrote InfoArmor chief intelligence officer Andrew Komarov in the report.

The passwords are stored in an encrypted form but can be decoded, according to Komarov.

Mega-breaches

The apparent breach of the NIBS has not been previously reported but, if found to be legitimate, would surpass the estimated 21.5 million records stolen from the US government’s Office of Personnel Management (OPM) beginning in 2014 and disclosed last year.

The NIBS has yet to respond to a request for comment.

Little is known about “Peace of Mind” or “popopret”, but in an interview published by technology website Wired earlier this year “Peace of Mind” stated that most of the hacked data being sold was initially obtained by a group of Russian computer hackers.

The data was first used by the group to conduct its own targeted attacks before later being sold directly to other hackers, “Peace” said in the interview.

The OPM hack, by contrast, was probably carried out by China, US director of national intelligence James Clapper said last year.


Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications.
