Hackers Breach US Government, Sell Attack Source Code

Hackers responsible for stealing internal data and security credentials from US government employees are now offering to sell the source code of the malware used to breach those systems, according to researchers.

One of the hackers, previously linked to breaches of sites including LinkedIn and Twitter, is offering a previously unknown trove of more than 30,000 records on US government employees, which could be used in conjunction with the tools to launch further targeted attacks, the researchers said.

GovRat 2.0

The tool, called GovRat, went up for sale on black-market web marketplaces in mid-May and is an update to malware first identified late last year, said IT security firm InfoArmor in a new study.

The individual who developed GovRat, and who uses the pseudonyms “popopret” or “bestbuy”, seems to have distributed the malware to government and military staff using malicious code embedded in web pages or malicious advertisements, the study found.

In this way the attacker apparently stole a number of login credentials to US government servers, which were then listed for sale on black market sites including The Real Deal, InfoArmor said.

The tools used to collect the data are also being sold on The Real Deal and a secretive marketplace called Hell, according to the study.

New US government breach

The hacker appears to be linked to another individual who uses pseudonyms including “Peace of Mind” and “PoM”, and who has been linked to some of the most serious breaches of personal data in recent months, including troves stolen from LinkedIn, MySpace, Twitter, Tumblr and Russian site VK.com, in all more than 800 million records, according to InfoArmor.

“Peace of Mind” is now selling a trove of 33,000 records claimed to be those of US government employees and which can be used in conjunction with GovRat for the targeted delivery of malware.

The firm said it determined that most of the data appears to have been stolen from the US’ National Institute of Building Sciences (NIBS), which has members in the research, educational, government and military sectors.

“This database has over 33,000 users and their contact information from various government, military and educational organizations, along with stored passwords in hashed form,” wrote InfoArmor chief intelligence officer Andrew Komarov in the report.

The passwords are stored in an encrypted form but can be decoded, according to Komarov.

Mega-breaches

The apparent breach of the NIBS has not been previously reported but, if found to be legitimate, would surpass the estimated 21.5 million records stolen from the US government’s Office of Personnel Management (OPM) beginning in 2014 and disclosed last year.

The NIBS has yet to respond to a request for comment.

Little is known about “Peace of Mind” or “popopret”, but in an interview published by technology website Wired earlier this year “Peace of Mind” stated that most of the hacked data being sold was initially obtained by a group of Russian computer hackers.

The data was first used by the group to conduct its own targeted attacks before later being sold directly to other hackers, “Peace” said in the interview.

The OPM hack, by contrast, was probably carried out by China, US director of national intelligence James Clapper said last year.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
