Chinese nationals charged for Anthem hack, 'one of the worst data breaches in history'

Federal prosecutors have charged two Chinese nationals for hacking Anthem and three other U.S. businesses as part of what the Justice Department called “an extremely sophisticated hacking group.”

An indictment unsealed Thursday charges Fujie Wang and an unnamed co-conspirator with four counts, including conspiracy to commit wire fraud and intentional damage to a protected computer, in connection with the intrusions.


The Anthem hack, disclosed in February 2015, compromised the sensitive personal data of approximately 78.8 million Americans.

Wang and the other Chinese hackers “used extremely sophisticated techniques” like customized spearphishing emails and backdoor malware to breach their targets, prosecutors alleged. After penetrating corporate servers, the indictment says, the hackers used lateral movement and privilege escalation to access more and more data.

“Defendants sometimes patiently waited months before taking further action, quietly maintaining access to the Victim’s network,” according to the indictment.

After canvassing target networks for the data they wanted to steal, the intruders wrapped it up in encrypted archives to obscure it as they moved it to servers they controlled.

Investigators found intrusions into the Anthem network as early as May 13, 2014. The indictment mentions intrusions into the other victims’ networks in September 2014, October 2014 and January 2015. The hackers continued breaching Anthem computers during this period.

The other three companies, which are not named, were in the technology, basic materials and communications services sectors.

Prosecutors said that Wang controlled two domain names that were used to host malware and launch the spearphishing attacks.

Brian Benczkowski, the assistant attorney general in charge of DOJ’s Criminal Division, called the Anthem hack “one of the worst data breaches in history.”

“The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur,” he said in a statement.

Officials praised Anthem for its cooperation with the FBI’s investigation. Matt Gorham, the head of the bureau’s Cyber Division, said the case “showcases the FBI’s cyber investigative capabilities” and “highlights the importance of FBI and private industry relationships.”