• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Cyber warfare
  • Digital ID
  • Hacking
  • Intelligence
  • Security
  • Why hackers target background investigation databases

Why hackers target background investigation databases

Pierluigi Paganini May 01, 2015

Foreign hackers are targeting background investigation databases to blackmail US government personnel or to try to bribe them.

It is not a mystery that Chinese hackers continuously target US companies and government offices, the attackers usually backed by the Government of Bejing mainly run cyber espionage campaigns to steal intellectual property and any kind of information related to person of interest belonging to “persons of interest.”

Security experts confirmed that Chinese hackers are targeting background check files to gather information on the US people.

The recent cyber attacks at the Office of Personnel Management (OPM), the USIS and KeyPoint Government Solutions, are the demonstration of the great interest of foreign hackers in the information on specific individuals.

The attackers use to target background investigation databases to gather detailed information about specific profiles or communities of interest.

“Newly revealed information about how hackers broke into a company conducting millions of background investigations on national security employees shows the lengths to which attackers are willing to go to steal U.S. secrets. ” reported the Nextgov

The attack scheme is easy as efficient, the attack in the majority of cases begins with a spear phishing attack that is the vector for malicious code used to infect the victims’ machines ad grab the video whenever background investigation software was being used.
There are various tactics adopted by Chinese hackers, the attackers always search for the weakest link in the security chain, in many cases this link is represented by the victims’ suppliers. Hackers use to target subcontractors to hit enterprises due the poor level of security they offer. The situation is particularly serious in the energy sector.

China hackers target Investigation database

“The attacker was able to navigate from the third-party-managed environment into the USIS network in late [redacted] by successfully brute-forcing a password on an application server,” Stroz Friedberg Managing Director Bret Padres wrote in the letter, obtained by Nextgov.

“Once the attacker was able to log in to that server, the attacker installed a malicious backdoor” to provide easy access, Padres wrote.

The attacks against companies like the USIS are not a surprise, these companies create detailed dossiers on government officials that could be used by the threat actors to conduct further attacks against the targeted organization.

Let me add that China isn’t the unique country that target US organization searching for background investigation databases, Russian hackers also represent a serious threat to the US.

To better understand why attackers target background investigation databases, let’s think to the information that a state-sponsored hacker can gather linking data from a government personnel databases and health care databases like the one compromised in the Anthem hack.  Intruders can easily obtain precious data related to the family lives of federal employees who might be susceptible to bribery or blackmail. This information could allow an attacker establish a contact with the victims and obtain an easy access to classified information by exploiting the human weakness.

“The breach of an Anthem health care database last fall affected federal employee subscribers as well as BCBS federal members who aren’t covered by Anthem but received BCBS services in a state where Anthem operates. But “if I know you have a clearance from the USIS breach and I know that maybe your husband or wife has cancer from the Anthem breach, maybe I can approach you and say: ‘You work at Langley. You’ve got access to sensitive information. Maybe if I give you $50,000 a year just to tell me a little bit about what you do, maybe I can eventually convince you to betray your country,'” Barger said, as an example of how medical data could be used to recruit human assets.”

The protection of background Investigation database is becoming a question of Homeland security, a cyber security strategy must properly address it, even when these archives are managed by private companies.

Pierluigi Paganini

(Security Affairs – background Investigation database, state-sponsored hackers)


facebook linkedin twitter

background Investigation database Chinese hackers Cybercrime Hacking KeyPoint Government Solutions Office of Personnel Management OPM Pierluigi Paganini Security Affairs state sponsored hackers USIS

you might also like

Pierluigi Paganini July 23, 2025
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 23, 2025
Sophos fixed two critical Sophos Firewall vulnerabilities
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

    Hacking / July 23, 2025

    Sophos fixed two critical Sophos Firewall vulnerabilities

    Security / July 23, 2025

    French Authorities confirm XSS.is admin arrested in Ukraine

    Cyber Crime / July 23, 2025

    Microsoft linked attacks on SharePoint flaws to China-nexus actors

    APT / July 23, 2025

    Cisco confirms active exploitation of ISE and ISE-PIC flaws

    Hacking / July 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT