[BreachExchange] US Indicts Chinese Man for Anthem Breach

[Destry Winant]

https://www.infosecurity-magazine.com/news/us-indicts-chinese-man-for-anthem-1/

The US authorities have charged a Chinese man for his role in the
massive 2015 information-stealing raid on health insurer Anthem, which
affected nearly 79 million customers.

Fujie Wang, 32, and another man charged as John Doe, have been
indicted for attacks on four US businesses, including a “basic
materials” firm, a tech company and a communications business.

According to the court documents unsealed last week in Indianapolis,
the two are charged with one count of conspiracy to commit fraud and
related activity in relation to computers and identity theft, one
count of conspiracy to commit wire fraud, and two substantive counts
of intentional damage to a protected computer.

They are alleged to have sent spear-phishing emails to employees in
the targeted businesses, of which only Anthem has been named. Once
users clicked on a malicious link, a backdoor was covertly downloaded
to give the hackers remote access to the corporate network.

They then waited several months before performing reconnaissance work
on Anthem’s data warehouse in October and November 2014. Once the
sough-after data was found, in January 2015 it was placed into
encrypted archive files and exfiltrated before being sent to China.

The files were then deleted from the victim networks to avoid
detection, according to the Department of Justice (DoJ).

Wang is alleged to have controlled two domain names linked to the
campaign, including one domain name associated with a backdoor used to
attack one business, and another linked to an email account used to
spear-phish victims of a separate targeted company.

Personally identifiable data (PII) on around 78.8 million Anthem
customers was stolen, including names, health identification numbers,
dates of birth, Social Security numbers, addresses, telephone numbers,
email addresses, employment information and income data.

The breach is still one of the biggest ever recorded in the healthcare
sector. In 2017 Anthem agreed to pay $115m to settle lawsuits brought
by customers, in what lawyers at the time said was the largest ever
settlement for a data breach.

However, the firm admitted no wrongdoing during that case, and it was
praised by officials last week for its incident response following the
attack.

“Anthem's cooperation and openness in working with the FBI on the
investigation of this sophisticated cyber-attack was imperative in
allowing for the identification of these individuals. This also speaks
to the strong partnerships the FBI has with the private sector, as
well as the tenacity and global reach of the Bureau,” said special
agent in charge Grant Mendenhall.

“It should also be noted that the speed with which Anthem initially
notified the FBI of the intrusion on their networks was also a key
factor in being able to determine who was responsible for the breach
and should serve as an example to other organizations that might find
themselves in a similar situation.”

There have been suggestions that the attack was state-sponsored, as an
Anthem spokesperson in 2017 claimed there was no evidence that any of
the data was sold or used in identity fraud. However, the real motives
remain a mystery for now.