The US has charged a Chinese national for the 2015 data breach of health insurance provider Anthem, which pilfered the personal records on 78.8 million people.

On Thursday, the Justice Department unsealed an indictment against 32-year-old Fujie Wang, claiming he was part of an elite Chinese hacking group that broke into Anthem and three other unnamed US businesses.

According to federal investigators, Wang and his hacking group began targeting the US companies starting in Feb. 2014. The group first used spear-phishing email attacks on company employees to trick them into downloading malware onto their computers. Once the malware was installed, the hackers then had a backdoor into the company's IT systems.

"The defendants sometimes patiently waited months before taking further action, eventually engaging in reconnaissance by searching the network for data of interest," the Justice Department said. "This data included PII (personally identifiable information) and confidential business information."

In the case of Anthem, the stolen files consisted of people's names, dates of birth, Social Security numbers, addresses, phone numbers, and employment information, enough data to easily commit identity theft against the affected victims. To exfiltrate the records, Wang and his hacking group placed the information in encrypted archive files, which were then relayed through multiple computers to reach destinations in China.

Why Wang stole the data wasn't mentioned in the unsealed indictment. The charges also stopped short of connecting the attacks with the Chinese government. But federal investigators claim Wang's hacking group in total targeted businesses in four distinct sectors: health, technology, communication services, and the processing of raw materials. The remaining three victim businesses all "had to store and use large amounts of data, including confidential business information," the indictment notes.

The US is charging Wang based on evidence he controlled two domain names used in the hacking operation. The first domain was associated with the malware his group used to break into one of the victim companies. Meanwhile, the second domain hosted a server used to create an email account to send the spear-phishing emails.

According to the FBI, Wang is known to reside in Shenzhen, China. The agency has issued a wanted poster calling for his arrest. The indictment also claims that Wang worked with another unnamed accomplice, who went by the names "Zhou Zhihong," "Kim Young," and "Deniel Jack."

Both Wang and his partner have been charged with conspiracy to commit fraud and with computer crimes.
