National Archives and Records Administration computers possibly accessed in connection to OPM breaches
It was vaguely hinted at in House and Senate committee hearings, but it might now be confirmed: the Office of Personnel Management (OPM) data breaches extended into other government organizations.
Nextgov.com reported that the National Archives and Records Administration (NARA) detected unauthorized activity on three desktops. These intrusions resemble the OPM breaches, but in this incident, NARA's intrusion-prevention systems detected indicators of compromise during a spring scan.
Although the agency wasn't sure when its computers were breached, it maintained that its “systems” and “applications” were not compromised.
The three impacted machines were “cleaned and re-imaged,” a spokeswoman told NextGov. The spokeswoman also said no evidence was found to indicate that the attackers obtained “administrator access” or took control of systems.
That said, legitimate-appearing files were found in places they didn't belong. NARA is seeking US-CERT's help on how to proceed with the incident.