The hackers in both breaches appear to have used a “rare tool,” known as Sakula, to take remote control of computers. Only Chinese hacking teams have previously used the tool, Reuters stated.
In both organizations’ breaches, the hackers used malicious software signed with certificates stolen from DTOPTOOLZ Co, a Korean software company. The company maintained it had no part in the breaches.
All the incidents also led victims to phony websites resembling legitimate ones. For instance, the attackers registered OPMLearning.org to trick employees into turning over their names and passwords.
President Barack Obama has yet to attribute the OPM breaches to China.
Meanwhile, OPM Director Katherine Archuleta is scheduled to appear before a Senate panel Thursday morning.