News

FBI arrests Chinese man behind malware used in massive U.S. government hack

A Chinese national was arrested in Los Angeles Wednesday, charged with distributing a rare piece of malware that’s been linked to the theft of U.S. government employee records. The malware was used in attacks on U.S. organizations that compromised the details of over 100 million people.

Yu Pingan — also known as “GoldSun” — was arrested when he landed at Los Angeles airport on his way to a conference, according to officials speaking to CNN. An August 21 indictment shows Yu has been charged under the Computer Fraud and Abuse Act and is further accused of conspiracy to commit offense or defraud the United States.


The charges against him relate to attacks on four unnamed U.S. companies reportedly conducted by Yu and two unnamed Chinese nationals using the Sakula malware from 2011 to 2014.

Multiple security companies have said the rarely seen Sakula malware was used to compromise the systems of the U.S. Office of Personnel Management (OPM). The malware was also used in an attack on Anthem, the second-largest health insurance company in the U.S.

In June 2015, the OPM disclosed that hackers had compromised its network and stolen the personal details of more than 22 million people, drawn largely from security clearance forms filed by current and former federal employees and contractors. According to officials speaking to the Washington Post and the Wall Street Journal in the wake of the attack, the U.S. government suspected Chinese hackers were responsible, though it never publicly confirmed this suspicion.

The Anthem breach, disclosed in February 2015, saw hackers steal the personal records of 78.8 million current and former customers. Analysis by independent security experts concluded that hackers working for a foreign government were behind the attack.

The Sakula malware, a remote access trojan that allows hackers to gain remote control of compromised systems, has also been linked to a China-based hacker group called Deep Panda.

China has consistently denied any involvement in the attacks. “The Chinese government takes resolute strong measures against any kind of hacking attack,” China’s Foreign Ministry told Reuters in 2015. “We oppose baseless insinuations against China.”