Investigators point to China in Anthem attack


Chinese hackers have been linked to the attack on US health insurer Anthem, following the publication of a confidential FBI security alert on the web.

The bulletin from the bureau claimed hacking group Deep Panda, which is thought to have links to the Chinese government, has been attacking American commercial and government networks – though it did not name which ones.

"Analysis of malware samples indicate a significant amount of the computer network exploitation activities emanated from infrastructure located within China," said the FBI alert, which was obtained by security reporter Brian Krebs.

"The tools used in the attack were referenced in open source reports on Deep Panda. Information obtained from victims indicates that PII (personally identifiable information) was a priority target."

Yet investigative sources speaking to Bloomberg drew an explicit link between China and the attack on Anthem, which is said to have involved personal details and social security numbers of up to 80 million customers.

The FBI added that "stolen PII has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud", though Deep Panda has not been spotted using these tactics.

It also added that unpatched Adobe Flash bugs, often called "zero-day" flaws, have been used by Deep Panda in the past. Since the start of this year, three such vulnerabilities have been publicly disclosed and fixed by the software vendor.

"Any activity related to this group detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement," it said.
