Update: National Archives officials now report that the "indicators of compromise" found on three Archives systems were a false positive, and that no breach has occurred, contrary to a NextGov report yesterday. Laura Diachenko, a spokesperson for the National Archives, told Ars in an e-mail that files matching a fingerprint for the malware had been detected on the Archives' network.

"The National Archives (NARA) detected two files on three individual workstations that matched some of the criteria that the Department of Homeland Security provided, in the wake of the Office of Personnel Management hack," Diachenko told Ars. "We took precaution by immediately reporting to US-CERT. US-CERT has deemed the files found on NARA's computers to be legitimate files and not associated with the OPM incident. NARA is partnering with DHS and US-CERT pro-actively to ensure that NARA systems are protected to the fullest extent possible."

The "indicators of compromise", or IOCs, shared by the Department of Homeland Security, had been fed into the National Archives' in-house vulnerability scanning tool. They triggered an alert. However, contrary to NextGov's report, those files were in fact found to be benign, and related to Internet Explorer.

The original report, based on NextGov's reporting and other sources, follows:

In the wake of the discovery of malware on the network of the Office of Personnel Management (OPM), the National Archives and Records Administration discovered three desktop computers that had been infected with the same remote access malware. The malware was detected by the National Archives' own intrusion detection system after it received signature data from the Department of Homeland Security, according to a report by NextGov.

The National Archives retains a wealth of electronic data collected from across the government for legal and historical purposes, including classified information in the form of e-mail records, optically scanned images and documents, and other communications and publications in electronic form. It is an obvious target for espionage, as some of the records maintained there, held for eventual declassification, contain sensitive information about military and intelligence operations.

There is no sign, according to an investigator who spoke with NextGov, that attackers obtained credentials giving them privileged access to the National Archives' systems. According to an Archives spokesperson, none of the Archives' enterprise applications or systems were compromised. But "IOCs"—indicators of compromise—were found on three Windows desktop computers. Those systems were wiped and re-imaged with new software before being put back into service.