Back in February, the ThreatConnect team conducted an in-depth independent analysis of the Anthem breach, finding connections to amorphous Chinese APT activity. Although our primary concern at the time was with the malicious Wellpoint/Anthem and VAE, Inc. (a Federal contractor) command and control domains, we couldn’t help but notice a peculiar related OPM-themed domain, opm-learning[.]org. This finding was listed in our Anthem blog, and we have continued to monitor it in ThreatConnect since mid February.