A Chinese national is facing charges as a member of an extremely sophisticated hacking group operating in China and targeting large businesses in the United States, including the computer intrusion and data breach of Indianapolis, IN-based health insurer Anthem Inc.

Fujie Wang, 32, and other members of the hacking group, including another individual charged as John Doe, conducted a campaign of intrusions into U.S.-based computer systems, according to the indictment unsealed Thursday by a federal grand jury in Indianapolis.

The indictment said the defendants gained entry to the computer systems of Anthem and three other U.S. businesses, identified in the indictment as Victim Business 1, Victim Business 2 and Victim Business 3. As part of this international computer hacking scheme, the indictment alleges that beginning in February 2014 the defendants used sophisticated techniques to hack into the computer networks of the victim businesses without authorization. They then installed malware and tools on the compromised computer systems to further compromise the victim businesses’ networks, after which they identified data of interest on the compromised computers, including personally identifiable information (PII) and confidential business information, according to the indictment.

“These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII,” said Assistant Attorney General Brian A. Benczkowski.

“The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” said U.S. Attorney Josh Minkler. “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice. I would also like to thank Anthem for its timely and substantial cooperation with our investigation.”

Public, Private Sector
“This case is significant not only because it showcases the FBI’s cyber investigative capabilities, but also because it highlights the importance of FBI and private industry relationships,” said Assistant Director Matt Gorham. “Because the victim companies promptly notified the FBI of malicious cyber activity, we were able to successfully investigate and identify the perpetrators of this large-scale, highly sophisticated scheme. The FBI is committed to investigating cyber-attacks that compromise American industry and the American people. As we did in this case, we will work side by side with victim companies to ensure justice is served.”

The indictment also alleges the defendants collected files and other information from the compromised computers and then stole this data. As part of the computer intrusion and data breach of Anthem, the defendants identified and ultimately stole data concerning approximately 78.8 million persons from Anthem’s computer network, including names, health identification numbers, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses, employment information and income data, according to the indictment.

Wang and Doe are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.

Sophisticated Hack
In the course of conducting the attack, the accused used extremely sophisticated techniques to hack into the computer networks of the victim businesses, according to the indictment. These techniques included the sending of specially-tailored “spearfishing” emails with embedded hyperlinks to employees of the victim businesses. After a user accessed the hyperlink, a file was downloaded which, when executed, deployed malware that would compromise the user’s computer system by installing a backdoor that would provide remote access to that computer system through a server controlled by the defendants.

The defendants sometimes patiently waited months before taking further action, eventually engaging in reconnaissance by searching the network for data of interest, according to the indictment. This data included PII and confidential business information. The indictment said the defendants accessed the computer network of Anthem without authorization for the purpose of conducting reconnaissance on Anthem’s enterprise data warehouse, a system that stores a large amount of PII, on multiple occasions in October and November 2014.

The indictment further said that once the data of interest had been identified and located, the defendants collected the relevant files and other information from the compromised computers using software tools. They then stole the data of interest by placing it into encrypted archive files and sending it through multiple computers to destinations in China. The indictment said on multiple occasions in January 2015, the defendants accessed the computer network of Anthem, accessed Anthem’s enterprise data warehouse, and transferred encrypted archive files containing PII from Anthem’s enterprise data warehouse from the United States to China.
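The exfiltration stage the indictment describes has a shape a defender can look for: archive files leaving a sensitive host, in volume, toward another host. The following is an added example written for this article, not code from the indictment, from Anthem, or from the investigating agencies. It is a toy detector run over constructed egress log records; the log format, the host addresses, the list of sensitive hosts and the byte threshold are all assumptions. Because the page says the data went "through multiple computers", the detector also reports bulk archive transfers to internal destinations, since the first hop may be an internal staging host rather than the final destination.

```python
"""Added example: flag bulk archive transfers leaving a sensitive host.

Toy detector written for this article, not the indictment's or Anthem's code.
It looks for the exfiltration shape described above: archive files moving
from a data-warehouse host, in volume, toward another host, including an
internal staging hop. Log format, hosts, addresses and thresholds are assumed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
import re

# Constructed sample egress records (assumed format: ts src dst bytes filename).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for
# real external hosts; 10.20.30.0/24 is an assumed internal subnet.
SAMPLE_LOGS = """\
2015-01-12T02:14:05Z 10.20.30.40 203.0.113.7 734003200 export_01.7z
2015-01-12T02:31:11Z 10.20.30.40 203.0.113.7 698351616 export_02.7z
2015-01-12T09:03:44Z 10.20.30.41 10.20.30.9 12288 report.xlsx
2015-01-12T10:45:00Z 10.20.30.42 198.51.100.5 4096 index.html
2015-01-13T01:02:03Z 10.20.30.40 203.0.113.7 805306368 export_03.rar
2015-01-13T03:15:27Z 10.20.30.40 10.20.30.77 1200000000 staging.zip
2015-01-13T03:20:00Z 10.20.30.40 10.20.30.9 51200 notes.zip
"""

SENSITIVE_HOSTS = {"10.20.30.40"}  # assumed: the warehouse export server
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ARCHIVE_EXT = re.compile(r"\.(7z|rar|zip|tar|gz|tgz)$", re.IGNORECASE)
THRESHOLD_BYTES = 1_000_000_000  # assumed tuning: 1 GB per (src, dst) pair


def parse_line(line):
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, size, name = parts
    if not size.isdigit():
        return None
    return {"ts": ts, "src": src, "dst": dst, "bytes": int(size), "file": name}


def is_external(ip):
    """True when the address lies outside the assumed internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_bulk_archive_transfers(logs, sensitive_hosts=SENSITIVE_HOSTS,
                                threshold=THRESHOLD_BYTES):
    """Sum archive bytes per (src, dst) pair for sensitive sources and return
    the pairs at or over the threshold, tagged with whether dst is external."""
    totals = defaultdict(lambda: {"bytes": 0, "files": [], "external": False})
    for line in logs.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] not in sensitive_hosts:
            continue
        if not ARCHIVE_EXT.search(rec["file"]):
            continue  # only archive-shaped filenames count toward the total
        entry = totals[(rec["src"], rec["dst"])]
        entry["bytes"] += rec["bytes"]
        entry["files"].append(rec["file"])
        entry["external"] = is_external(rec["dst"])
    return {pair: v for pair, v in totals.items() if v["bytes"] >= threshold}


if __name__ == "__main__":
    for (src, dst), hit in sorted(find_bulk_archive_transfers(SAMPLE_LOGS).items()):
        kind = "external" if hit["external"] else "internal staging"
        print(f"{src} -> {dst} ({kind}): {hit['bytes']} bytes in {len(hit['files'])} archives")
```

On the constructed records, the warehouse host's transfers to the documentation-range address aggregate to just over 2.2 GB across three archives and are reported as external, while the single large zip to the internal host is reported as a possible staging hop; the small internal zip stays below the threshold. In a real deployment the threshold and the archive-extension list would be tuned to the environment, and renamed or extensionless archives would need content-based detection that this toy does not attempt.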
