11 February 2020

U.S. charged four members of Chinese military for 2017 Equifax hack


U.S. authorities have charged four members of the Chinese People’s Liberation Army (PLA) for allegedly hacking the computer systems of the credit reporting agency Equifax and stealing the personal information of around 145 million Americans as well as Equifax’s valuable trade secrets.

According to the U.S. Department of Justice announcement, a federal grand jury in Atlanta returned an indictment alleging that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) broke into Equifax's computers and stole sensitive personal information of nearly half of all U.S. citizens. The four men are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA), a component of the Chinese military. The men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage.

The indictment alleges that the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal to conduct reconnaissance and gather the login credentials needed to move deeper into Equifax’s network. The authorities allege that the hackers “spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system”. The data stolen from Equifax’s network was then sent to computers outside the United States.

“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” the indictment said.

According to the indictment, the alleged hackers attempted to evade detection by routing traffic through approximately 34 servers located in nearly 20 countries in order to hide their true location. They also used encrypted communication channels within Equifax’s network to disguise their activities, and wiped all traces of their presence on the systems.

Charges against the four include counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, as well as counts of unauthorized access and intentional damage to a protected computer, economic espionage and wire fraud.

    
