Equifax Breach is the Latest of Many Hacks Linked to China

In 2014, the Obama administration accused five Chinese military agents of targeting Pittsburgh-area industrial companies including Westinghouse Electric, Alcoa and U.S. Steel. Since then, the number of companies allegedly targeted by Chinese hackers has only grown.

Chinese President Xi Jinping assured then-President Barack Obama in 2015 his military would stop stealing commercial secrets from U.S. companies. The evidence indicates that pledge was short-lived, if it was honored at all.

The latest in a string of China-linked hacking incidents came with the Monday indictment of four members of the Chinese military for breaking into the credit-reporting agency Equifax in 2017. The motives, as with several other hacks that preceded it, appear to be more about espionage than stealing trade secrets, cybersecurity experts say.

Among other things, experts who monitor the dark web say they have seen no evidence of data stolen in the Equifax hack — or in an earlier breach of Marriott — being sold to common criminals for ID theft and credit card fraud.

The state-backed Chinese hackers allegedly vacuumed up billions of data points on Americans that could be used to cross-reference data and obtain deep insights into individual lives. The data could be used in the recruitment of spies, and the hackers may have seeded cover identities for Chinese agents inside Equifax’s databases, said Priscilla Moriuchi, a former NSA employee now at the cybersecurity firm Recorded Future.

Here are the biggest cases of wholesale data theft blamed on Chinese agents.


In a devastating blow to U.S. national security, the personal data of more than 21 million current, former and prospective federal employees was stolen. Although a first hacker was detected in March 2014, a second intruder went undetected until April 2015, by which time data on security clearances, background checks and fingerprint records had been extracted. A House inquiry said the hack was likely the work of “Deep Panda,” a group linked to the Chinese military.


Hackers stole personal information on nearly 80 million current and former customers and employees of the Indiana-based health insurer over at least seven months ending in January 2015. Two members of a hacking group operating from China were later indicted in the biggest health care hack in U.S. history.

Stolen data included Social Security numbers, birth dates, email addresses, employment details, incomes and street addresses. Anthem said it had no evidence that medical or financial information was taken or that any of the data stolen resulted in fraud.

The security firm Symantec said the hack was believed to be the work of a well-resourced Chinese group it called Black Vine that had been conducting cyber-espionage targeting industries including aerospace, energy and health care.


Beginning in 2014, hackers extracted data including credit card and passport numbers, birth dates, phone numbers and hotel arrival and departure dates on as many as 383 million guests of the hotel chain. The breach went undetected for four years and affected hotels in the Starwood chain that Marriott acquired in 2016.

Analysts noted that information from hotels — common venues of extramarital trysts and corporate espionage — could be used for blackmail and counterespionage. On Monday, Attorney General William Barr blamed the hack on Chinese agents.


Two hackers were indicted in December 2018 for extensive data theft from major corporations in the U.S. and nearly a dozen other nations beginning in 2006, allegedly on behalf of Beijing’s main intelligence agency. They allegedly obtained names, Social Security numbers and other personal information of more than 100,000 Navy personnel.

Targets included NASA’s Jet Propulsion Lab and Goddard Space Center. The indictment said more than 45 technology companies were targeted by the group, known as “Stone Panda,” and that other victims spanned strategic industries from aerospace to factory automation, laboratory instruments and biotechnology.
