It looks like the federal government's cybersecurity nightmare isn't ending anytime soon. There's new evidence that the National Archives and Records Administration (NARA) has been hit by the same hackers that attacked the Office of Personnel Management and accessed sensitive information belonging to millions of employees. NARA is the nation's record keeper. Of all the documents and materials created in the course of business conducted by the United States federal government, NARA permanently keeps those that are important for legal or historical reasons.
Luckily, NARA fared better than the OPM. The administration's intrusion-prevention system actually detected the compromise on three computers, and it doesn't appear that the intruders gained administrative access.
NARA "systems" and "applications" were not compromised, National Archives spokeswoman Laura Diachenko emphasized to Nextgov, "but we detected IOCs," indicators of compromise, "on three workstations, which were cleaned and re-imaged," or reinstalled.
It's unclear when the NARA system was first compromised, but the detection is proof that the OPM hack is more widespread than first reported. Both NARA's detection system and the government's EINSTEIN 3A monitoring tool are now set up to look for signs of the OPM attack.
"OPM isn't the only agency getting probed by this group," said John Prisco, president of security provider Triumfant, the company that developed the National Archives' tool. "It could be happening in lots of other agencies."
The attack attempts to connect to the Internet and communicate information it has uncovered back to servers run by the hackers.