A Chinese cyber attack targeting a U.S. Defense Department contractor was linked to the OPM hack and a separate attack targeting government officials on a U.S. aircraft carrier was also attributed to China.
In June 2016, ThreatConnect researchers spotted Chinese APT actors planting cyber espionage malware on the network of a U.S. subsidiary of a French energy management company that builds infrastructure for the U.S. government and the Department of Defense, according to an Oct 17 blog post.
It is unclear if the intrusion was for economic gain or for military intelligence but researchers said they traced the malware used in the attack to multiple Chinese APTS calling back to a domain with the same email address (firstname.lastname@example.org) as domain names used to exfiltrate data during the Anthem and OPM data breaches.
Separately, Chinese hackers targeted foreign government personnel who visited a U.S. aircraft carrier using phishing emails infected with Enfal malware which is capable of copying information from infected computers or downloading additional files.
The officials visited the USS Ronald Reagan the day before a contentious international court ruling on the South China Sea, according to the Financial Times.
A U.S. Navy official told the publication there is no indication that classified information on the ship had been compromised in the attack.