The Federal Bureau of Investigation, alongside other agencies, is investigating the recent hack that led to the disclosure of up to 80 million accounts from healthcare insurance provider Anthem Inc.
According to a report from Bloomberg, which is quoting a private FBI memo as well as unnamed sources, the investigation is so far pointing towards a campaign of state-sanctioned hacking coming directly from China.
The breach at Anthem is one of the biggest in history, both among healthcare organizations and among private companies. And its goal seems to have been very specific: the hackers are collecting private data on government and government-related employees, which can later be used in phishing attacks.
This breach is actually just the latest in a series of attacks that all seem to target the personal information of government employees, defense contractors, advanced technology manufacturers with government contracts and so on.
Security expert Brian Krebs disclosed a confidential FBI advisory, which the Bloomberg report also seems to quote. The federal agency warns of recent attacks by “a group of cyber actors who have compromised and stolen sensitive business information and Personally Identifiable Information (PII) from US commercial and government networks through cyber espionage.”
The notice goes on to mention that the malware used in recent attacks seems to emanate from China. A hacking group known as DEEP PANDA is behind a number of these attacks. Previously they have used Adobe Flash zero-day exploits to infiltrate the victims’ networks. The early investigation into the Anthem breach points to similarities to said previous attacks, though as more info is uncovered the prime suspect may change.
As for DEEP PANDA they have been monitored not only by government agencies but also by private security companies such as CrowdStrike, which notes:
CrowdStrike has monitored DEEP PANDA targeting critical and strategic business verticals including: government, defense, financial, legal, and the telecommunications industries. At the think tanks, [we have] detected targeting of senior individuals involved in geopolitical policy issues, in particular in the China/Asia Pacific region. DEEP PANDA presents a very serious threat not just to think tanks, but also multinational financial institutions, law firms, defense contractors, and government agencies.
Meanwhile, as Krebs notes, the question of who perpetrated the attack on Anthem is not the only one that needs answering. Others need answers as well: when did Anthem find out about it? How long did the breach last? And, most importantly, what can other companies do to protect themselves?
As for those affected, the news is mixed, and it probably has no upside. Yes, the attacks seem to have been focused on gathering the personal information of specific individuals, but that doesn't make it any less likely that all of the stolen personal information will end up in the hands of cyber criminals.
And companies which only a few years ago might have considered themselves safe because of their seemingly low value as a target may now need to scramble to shore up their digital defenses, as the times change and they suddenly find themselves on the front lines.