Federal Prosecutors Announce Indictment of Chinese Hackers Involved in 2015 Anthem Data Breach

Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

On May 9, 2019, a federal grand jury unsealed an indictment of two members of a Chinese hacking group charged with a series of computer intrusions, including their involvement in the 2015 data breach at Anthem Inc., which affected the data of over 78 million people.

In an announcement by the Justice Department’s Criminal Division, the FBI’s Cyber Division, and the U.S. Attorney for the Southern District of Indiana (the state where Anthem is headquartered), the FBI announced that the four-count indictment alleges that Fujie Wang and other members of the hacking group, including one individual charged as John Doe, conducted a campaign of intrusions into U.S. based computer systems, including Anthem’s systems and those of three other businesses, in activity dating back to February 2014.

While the indictment does not name the three other businesses, they FBI noted that the attacks targeted four distinct sectors, including healthcare, technology, basic materials, and communications.

The indictment alleges that the actors used sophisticated techniques to hack into the victim businesses, then installed malware and other tools to further compromise the networks and steal personally identifiable information and confidential business information.

According to the indictment, the actors would send employees targeted spear-phishing emails with embedded links, which would introduce malware into the victim systems and allow the attackers to install a backdoor, providing them with remote access into the systems. The attackers would then conduct reconnaissance, often over the course of several months. In the case of Anthem, the indictment notes that the actors accessed the network for the purpose of conducting reconnaissance on Anthem’s ‘enterprise data warehouse,’ a system that stores a large amount of personal information. The actors would then collect files using software tools, place the data into encrypted archive files, and send the data back to China. Following exfiltration, the actors would then delete the encrypted archive files from the computer networks in order to reduce any evidence of the intrusion.

Notably, the indictment is one of several from DOJ in recent months against Chinese nationals alleged to have been involved in attacks on American companies. However, unlike several of the previous indictments, the most recent indictment does not mention any connection to the Chinese state government, and instead only mentions that the attackers were part of a sophisticated China-based hacking group.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide