Anthem healthcare insurance hacker charged by FBI

US law enforcement pursuing China-based hackers for 11-month hacking campaign

Chinese hacker

The US Government has charged a Chinese man with helping to perpetuate a year-long cyber attack against US healthcare provider Anthem, as well as several other US businesses.

This is according to an indictment filed earlier this week, which charges 32-year-old Shenzhen resident Fujie Wang (AKA Dennis Wang) with four counts of conspiracy to commit fraud, identity theft and computer hacking. Also charged is another China-based individual, who remains unnamed but goes by aliases including Zhou Zhihong, Kim Young and Deniel Jack. Both are currently being pursued by the FBI.

The filing states that Wang and Jack participated in a hacking campaign lasting 11 months, from February 2014 to January 2015, using spearphishing tactics to gain access to Anthem and other victims. Anthem is the US' second-largest provider of health insurance, boasting more than 74 million customers according to its website, and with revenues exceeding $90 billion as of 2017.

The two individuals were "members of an extremely sophisticated hacking group operating in China", the indictment alleges, which was dubbed 'Black Vine' by Symantec researchers and is likely to be behind a string of attacks from 2012 onwards.

These attacks made heavy use of zero-day vulnerabilities in Microsoft's Internet Explorer, and focused on targets in the aerospace and energy industries. In the case of Anthem, the hackers eventually succeeded in making off with the personal data of almost 80 million people, including medical IDs, employment data, birthdays, social security numbers and more.

In yet another example of hackers exploiting supply-chain vulnerabilities, Wang and his co-conspirators used phishing emails to deploy malware on the network of one of Anthem's subsidiaries. The group then moved on to compromise the network of Anthem itself, eventually gaining access to the company's data warehouse and exfiltrating a large quantity of personal information via the use of Citrix's ShareFile transfer service.

Similar tactics were deployed by the group against three further victims. The companies in question have not been named, but operate in the technology, basic materials and communication services sectors, respectively.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

10,000 emails hit with fake FedEx and DHL phishing attacks
phishing

10,000 emails hit with fake FedEx and DHL phishing attacks

24 Feb 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021
Hackers are using Google Alerts to help spread malware
hacking

Hackers are using Google Alerts to help spread malware

22 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021