For more than five years, U.S. intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing’s latest economic priorities.
[...] last summer, officials lost the trail as some of the hackers changed focus again, burrowing deep into U.S. government computer systems that contain vast troves of personnel data, according to U.S. officials briefed on a federal investigation into the attack and private security experts.
Undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them “administrator privileges” into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems, two senior administration officials said.
The hackers’ ultimate target: the 1 million or so federal employees and contractors who have filled out a form known as SF-86, which is stored in a different computer bank and details personal, financial and medical histories for anyone seeking a security clearance.
In congressional testimony and in interviews, officials investigating the breach at the personnel office have struggled to explain why the defenses were so poor for so long.
While Obama publicly named North Korea as the country that attacked Sony Pictures Entertainment last year, he and his aides have described the Chinese hackers in the government records case only to members of Congress in classified hearings.