re/code on FireEye ostensibly identifying the Chinese group responsible for the recent massive OPM breach that saw records for four million personnel stolen:
The group, based in China, is not the one known as “Deep Panda” that has been tied to the Chinese military and an attack on insurer Anthem Health earlier this year. It is instead another group whose activities FireEye has monitored since 2013 and that specializes in attacks that are meant to gather troves of personally identifiable information, or PII. The group focuses its attention and efforts on the health insurance and travel industries. FireEye did not assign a name to the group.
“Unlike other actors operating in China who conduct industrial espionage or steal defense technology, this group has primarily targeted PII. Based on the tools and tactics, FireEye Intelligence thinks that the group who compromised OPM’s networks is different from the activity of Deep Panda.
So FireEye does not believe the group to be Deep Panda but cannot name those responsible? All FireEye can say is this new group uses the same exploits as Deep Panda to breach a network, but once inside their tactics are markedly different, so they must be another group? I am finding this story hard to believe.