Member of Sophisticated China-Based Hacking Group Indicted for Series of Computer Intrusions, Including 2015 Data Breach of Health Insurer Anthem Inc. Affecting Over 78 Million People
A federal grand jury returned an indictment unsealed today in Indianapolis, Indiana, charging a Chinese national as part of an extremely sophisticated hacking group operating in China and targeting large businesses in the United States, including a computer intrusion and data breach of Indianapolis-based health insurer Anthem Inc. (Anthem).
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Josh Minkler for the Southern District of Indiana, Assistant Director Matt Gorham of the FBI’s Cyber Division and Special Agent in Charge Grant Mendenhall of the FBI’s Indianapolis Field office made the announcement.
The four-count indictment alleges that Fujie Wang (王 福 杰 in Chinese Hanzi), 32, and other members of the hacking group, including another individual charged as John Doe, conducted a campaign of intrusions into U.S.-based computer systems. The indictment alleges that the defendants gained entry to the computer systems of Anthem and three other U.S. businesses, identified in the indictment as Victim Business 1, Victim Business 2 and Victim Business 3. As part of this international computer hacking scheme, the indictment alleges that beginning in February 2014, the defendants used sophisticated techniques to hack into the computer networks of the victim businesses without authorization, according to the indictment. They then installed malware and tools on the compromised computer systems to further compromise the computer networks of the victim businesses, after which they identified data of interest on the compromised computers, including personally identifiable information (PII) and confidential business information, the indictment alleges.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” said Assistant Attorney General Benczkowski. “These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”
“The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” said U.S. Attorney Minkler. “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice. I would also like to thank Anthem for its timely and substantial cooperation with our investigation.”
“This case is significant not only because it showcases the FBI’s cyber investigative capabilities, but also because it highlights the importance of FBI and private industry relationships,” said Assistant Director Matt Gorham. “Because the victim companies promptly notified the FBI of malicious cyber activity, we were able to successfully investigate and identify the perpetrators of this large-scale, highly sophisticated scheme. The FBI is committed to investigating cyber-attacks that compromise American industry and the American people. As we did in this case, we will work side by side with victim companies to ensure justice is served.”
What to Do When You’ve Been Hacked
Contact LIFARS.com Cyber Incident Response Team immediately