The U.S. Department of Justice has brought charges against a Chinese hacker and an accomplice for their alleged involvement in the notorious 2015 data breach at Anthem, one of the largest health insurance companies in the nation, as well as three other yet-to-be-disclosed American firms. The indictment, which was made public today in federal court in Indianapolis, names Fujie Wang (王福杰) and an unnamed co-conspirator, referred to as John Doe, who has used multiple aliases, including Deniel Jack, Kim Young, and Zhou Zhihong.

The charges against them include four counts of conspiracy related to fraud and wire fraud, as well as damage to a protected computer. The breach at Anthem compromised the personal information of over 80 million customers, exposing critical data such as Social Security Numbers, birth dates, email addresses, and more. It stands out as one of the most significant data security incidents in U.S. history, and it prompted Anthem to accept a staggering $115 million settlement to resolve lawsuits stemming from the breach.

According to the indictment, the hackers employed advanced techniques, including spear phishing, to infiltrate the targeted companies’ computer networks. This method involved crafting deceptive communications to trick individuals into revealing sensitive information, thereby enabling the attackers to install malware and further exploit these networks for confidential user data and proprietary business information.

The Department of Justice has elaborated on the hacking scheme, indicating that the defendants commenced their activities in February 2014, systematically breaching the networks without authorization. Notably, during January 2015, they accessed Anthem’s enterprise data warehouse and successfully transferred encrypted files containing personally identifiable information (PII) from the United States to China.

In addition to targeting Anthem, the defendants have been implicated in breaches involving three additional U.S. companies across various sectors, including technology, basic materials, and communications. However, the identities of these companies have not been disclosed due to the nature of the ongoing investigation.

Wang and his co-defendant face serious legal repercussions from these charges. The allegations, however, remain just that—allegations—and both defendants maintain the presumption of innocence until proven guilty in a court of law.

The Federal Bureau of Investigation (FBI) is leading the investigation into this case. The case reinforces the necessity for businesses to fortify their cybersecurity measures against such complex and coordinated attacks. The tactics described map onto the MITRE ATT&CK framework, particularly spear phishing as an initial access method and malware deployment as a subsequent persistence technique. This incident acts as a stark reminder of the vulnerabilities that persist in the digital landscape and the critical importance of implementing robust defenses.

As businesses grapple with the implications of these breaches, it is vital for them to stay informed and proactive in their cybersecurity practices to mitigate risks and protect sensitive information.
