Chinese nationals charged in connection with 2015 Anthem data breach
WASHINGTON – A Chinese national said to be part of an extremely sophisticated hacking group was charged with targeting large U.S. businesses, including in the 2015 Anthem data breach.
Fujie Wang (王福杰 in Chinese Hanzi), 32, and other members of the group were involved in a “campaign of intrusions into U.S.-based computer systems,” according to federal authorities.
The group would install malware on computer systems after hacking into the network to gain access, according to the indictment. They would then be able to identify data of interest, including personal identifying information (PII) and confidential information. The indictment alleges the data would then be stolen.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” said Assistant Attorney General Benczkowski. “These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”
In relation to the Anthem data breach, the indictment says 78.8 million people had data related to them stolen. This includes names, health identifiers, Social Security numbers, addresses and more.
One of the tactics allegedly used in the hacking was the sending of specially-tailored “spearfishing” emails with embedded hyperlinks to employees of the victim businesses. When a link was clicked, a malware file would be downloaded, which would provide a backdoor into the system so that it could be accessed remotely. The indictment says the suspects would sometimes wait months before taking any action.
They would also allegedly take steps to avoid being detected.
Wang and another defendant, listed as John Doe, face one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.