The United States Department of Justice has officially charged four members of the Chinese military for their alleged role in the Equifax data breach, which exposed the sensitive personal and financial information of nearly 150 million Americans.

In a press conference led by Attorney General William Barr and FBI Deputy Director David Bowdich, officials described the incident as perhaps the most extensive state-sponsored hacking operation uncovered to date, exemplifying an alarming trend in cyber espionage. The four defendants, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei, are accused not only of this massive breach but also of stealing trade secrets and intellectual property from various U.S. companies.

The breach, first disclosed by Equifax in September 2017, stemmed from exploitation of a critical vulnerability in the Apache Struts web framework, a weakness that the company failed to patch despite available updates. The attackers conducted extensive reconnaissance of Equifax's systems, particularly its online dispute portal, to obtain login credentials, which gave them deeper access into the corporate network. The Department of Justice reported that the intruders executed around 9,000 queries to identify sensitive data such as names, birth dates, and Social Security numbers.

To evade detection, the perpetrators used advanced tactics that align with the MITRE ATT&CK framework. Initial access was likely gained through exploitation of the unpatched vulnerability. The attackers obfuscated their traffic by routing it through numerous servers across various countries, used encrypted communication within the network to blend in with normal activity, and meticulously deleted logs and compressed files to erase traces of their operation.

As a direct consequence of the breach, Equifax faced a £500,000 fine from U.K. regulators and agreed to pay up to $700 million to settle related investigations in the United States. The FBI has worked the case for two years, tracing the hacking activity back to these four suspects connected to the People's Liberation Army's 54th Research Institute. All four remain at large in China and are now listed on the FBI's Most Wanted cyber criminals list.

This incident is part of a broader pattern: U.S. authorities have previously charged Chinese intelligence officers with cyber espionage. Similar actions were taken in 2014 against five Chinese military officials, and in 2015 against two hackers involved in a massive breach affecting over 80 million Anthem health insurance customers.

As this story develops, the cybersecurity community continues to monitor these trends closely. Business owners should consider the implications of such state-sponsored attacks and reinforce their security measures to address possible vulnerabilities in their environments. Following credible sources is highly recommended for timely updates and analysis of cybersecurity incidents.
