11 February 2020

U.S. charged four members of Chinese military for 2017 Equifax hack



U.S. authorities have charged four members of the Chinese People’s Liberation Army (PLA) for allegedly hacking the computer systems of the credit reporting agency Equifax and stealing the personal information of around 145 million Americans as well as Equifax’s valuable trade secrets.

According to the U.S. Department of Justice announcement, a federal grand jury in Atlanta returned an indictment alleging that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) broke into Equifax's computers and stole sensitive personal information of nearly half of all U.S. citizens. The four men are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA), a component of the Chinese military. The men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage.

The indictment alleges that the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal to conduct reconnaissance and gather the login credentials needed to move deeper into Equifax’s network. The authorities allege that the hackers “spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system”. The data stolen from Equifax’s network was then sent to computers outside the United States.

“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” the indictment said.

According to the indictment, the alleged hackers attempted to evade detection by routing traffic through approximately 34 servers located in nearly 20 countries in order to hide their true location. They also used encrypted communication channels within Equifax’s network to mask their activities, and wiped all traces of their presence on the systems.

Charges against the four include counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, as well as counts of unauthorized access and intentional damage to a protected computer, economic espionage and wire fraud.

    
