In the wake of the discovery of malware on the network of the Office of Personnel Management (OPM), the National Archives and Records Administration found three desktop computers that had been infected with the same remote access malware. The malware was detected by the National Archives' own intrusion detection system after it received signature data from the Department of Homeland Security, according to a report by NextGov.
The National Archives retains a wealth of electronic data collected from across the government for legal and historical purposes, including classified information in the form of e-mail records, optically scanned images and documents, and other communications and publications in electronic form. It is an obvious target for espionage, as some of the records maintained there hold sensitive information about military and intelligence operations being held for eventual declassification.
There is no sign, according to an investigator who spoke with NextGov, that attackers obtained credentials giving them privileged access to the National Archives' systems. According to an Archives spokesperson, none of the Archives' enterprise applications or systems were compromised. But "IOCs"—indicators of compromise—were found on three Windows desktop computers. Those systems were wiped and re-imaged with new software before being put back into service.