Chinese Military Hackers Charged Over Equifax Data Breach

The United States government has officially charged four members of China’s People’s Liberation Army (PLA) with hacking into credit reporting agency Equifax and being responsible for the massive data breach that exposed highly sensitive information on more than 145 million Americans.

According to the Department of Justice, a federal grand jury in Atlanta returned a nine-count indictment last week alleging that Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei were members of the PLA’s 54th Research Institute, a component of the Chinese military, and are responsible for the hack.

The indictment also accused the group of stealing corporate intellectual property (IP) from Equifax.

“This was a deliberate and sweeping intrusion into the private information of the American people,” said Attorney General William P. Barr, who made the announcement. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”

As previously reported, the indictment confirms that the hackers exploited a vulnerability (CVE-2017-5638) in the Apache Struts 2 web application framework used by Equifax’s online dispute portal to gain access to the sensitive data.

“The defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system,” the Justice Department said. “Once they accessed files of interest, the conspirators then stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the United States. In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens.”

The indictment also charges the defendants with stealing Equifax’s data compilations and database designs. 

In an attempt to cover their tracks, the attackers allegedly routed traffic through approximately 34 servers located in nearly 20 countries and used encrypted network traffic within Equifax’s network to blend in with normal network activity. They are also said to have deleted compressed files and wiped log files daily in an effort to eliminate records of their activity.
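Two of the behaviours described above lend themselves to straightforward detection logic: CVE-2017-5638 (Struts advisory S2-045) let the Jakarta Multipart parser evaluate OGNL expressions placed in a request’s Content-Type header, so an expression opener in that header is never legitimate, and daily wiping of local logs leaves gaps that an off-host copy can expose. The following is an added example, not code from the original article or from Equifax’s environment; the log format, addresses, paths and the marker value are all constructed.

```python
import re
from datetime import datetime

# Constructed sample of web-server access records, one per line:
# timestamp, client IP, method, path, Content-Type header ("-" if absent).
# Not real Equifax data; the expression marker is a placeholder, not a payload.
SAMPLE_LOG = """\
2017-05-13T10:00:01Z 203.0.113.7 POST /dispute/upload.action multipart/form-data
2017-05-13T10:00:02Z 203.0.113.7 POST /dispute/upload.action %{#constructed_ognl_marker}
2017-05-13T10:00:05Z 198.51.100.9 GET /dispute/status.action -
2017-05-14T23:59:58Z 198.51.100.9 GET /dispute/status.action -
2017-05-16T08:30:00Z 203.0.113.7 POST /dispute/upload.action multipart/form-data
"""

# OGNL expression openers; a Content-Type value has no business containing them.
OGNL_MARKER = re.compile(r"[%$]\{")


def parse(line):
    """Split one constructed record into (datetime, ip, 'METHOD /path', content_type)."""
    ts, ip, method, path, ctype = line.split(maxsplit=4)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, f"{method} {path}", ctype


def find_ognl_content_type(lines):
    """Return (timestamp, ip, request) for every request whose Content-Type
    carries an OGNL opener, the indicator for CVE-2017-5638 exploitation attempts."""
    hits = []
    for line in lines:
        ts, ip, req, ctype = parse(line)
        if OGNL_MARKER.search(ctype):
            hits.append((ts.isoformat(), ip, req))
    return hits


def find_log_gaps(lines, max_gap_hours=6):
    """Return (gap_start, gap_end) pairs where consecutive entries are further
    apart than max_gap_hours. A busy portal is never silent that long; a gap that
    recurs daily is consistent with the log wiping described in the indictment and
    should be reconciled against the copy of the log that was shipped off-host."""
    stamps = [parse(line)[0] for line in lines]
    gaps = []
    for prev, cur in zip(stamps, stamps[1:]):
        if (cur - prev).total_seconds() > max_gap_hours * 3600:
            gaps.append((prev.isoformat(), cur.isoformat()))
    return gaps


if __name__ == "__main__":
    records = SAMPLE_LOG.splitlines()
    print("OGNL in Content-Type:", find_ognl_content_type(records))
    print("Log gaps:", find_log_gaps(records))
```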


According to a 2018 report from the U.S. Government Accountability Office (GAO), it took Equifax 76 days to detect the data breach.

“We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017,” Equifax CEO Mark W. Begor said in a statement. “It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government. The attack on Equifax was an attack on U.S. consumers as well as the United States.”

State-sponsored hackers from China have also been suspected of being responsible for the massive Marriott data breach announced in 2018, which affected as many as 500 million individuals, and are the main suspect in the breach disclosed by the U.S. Office of Personnel Management (OPM) in 2015 that exposed the records of millions of U.S. Government workers. In May 2019, the U.S. announced charges against Chinese hackers in connection with the 2015 data breach at health insurer Anthem.


Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
