11 February 2020

U.S. charged four members of Chinese military for 2017 Equifax hack



U.S. authorities have charged four members of the Chinese People’s Liberation Army (PLA) for allegedly hacking the computer systems of the credit reporting agency Equifax and stealing the personal information of around 145 million Americans as well as Equifax’s valuable trade secrets.

According to the U.S. Department of Justice announcement, a federal grand jury in Atlanta returned an indictment alleging that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) broke into Equifax's computers and stole sensitive personal information of nearly half of all U.S. citizens. The four men are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA), a component of the Chinese military. The men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage.

The indictment alleges that the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal to conduct reconnaissance and gather the login credentials needed to move deeper into Equifax’s network. The authorities allege that the hackers “spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system”. The data stolen from Equifax’s network was then sent to computers outside the United States.

“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” the indictment said.

According to the indictment, the alleged hackers attempted to evade detection by routing traffic through approximately 34 servers located in nearly 20 countries in order to hide their true location. They also used encrypted communication channels within Equifax’s network to disguise their activities, and wiped all traces of their presence on the systems.

Charges against the four include counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, as well as counts of unauthorized access and intentional damage to a protected computer, economic espionage and wire fraud.

    
