11 February 2020

U.S. charged four members of Chinese military for 2017 Equifax hack


U.S. authorities have charged four members of the Chinese People’s Liberation Army (PLA) for allegedly hacking the computer systems of the credit reporting agency Equifax and stealing the personal information of around 145 million Americans as well as Equifax’s valuable trade secrets.

According to the U.S. Department of Justice announcement, a federal grand jury in Atlanta returned an indictment alleging that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) broke into Equifax's computers and stole sensitive personal information of nearly half of all U.S. citizens. The four men are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA), a component of the Chinese military. The men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage.

The indictment alleges that the defendants exploited a vulnerability in the Apache Struts web framework used by Equifax’s online dispute portal to conduct reconnaissance and gather the login credentials needed to move deeper into Equifax’s network. The authorities allege that the hackers “spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system”. The data stolen from Equifax’s network was then sent to computers outside the United States.

“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” the indictment said.

According to the indictment, the alleged hackers attempted to evade detection by routing traffic through approximately 34 servers located in nearly 20 countries to obscure their true location. They also used encrypted communication channels within Equifax’s network to mask their activity, and wiped traces of their presence from the systems.
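The two behaviours the indictment describes, weeks of queries mapping the database structure and paging through personally identifiable information, are visible in database audit logs if those logs are shipped off the host before anyone can wipe them. The following is an added example written for this page, not code from the article or from Equifax; the log line format, the account names, the column names and the thresholds are constructed assumptions for illustration. It flags an application account that reads catalog metadata, pages through PII columns, or issues an unusual burst of queries.

```python
"""Added example (not from the article): flag database-reconnaissance
patterns in a query audit log. The log format, account names, column
names and thresholds below are constructed assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample audit lines: "<ISO timestamp> user=<db account> query=<SQL>"
SAMPLE_LOG = """\
2017-05-13T10:00:01 user=dispute_portal query=SELECT * FROM disputes WHERE id = 4412
2017-05-13T10:00:05 user=dispute_portal query=SELECT table_name FROM information_schema.tables
2017-05-13T10:00:06 user=dispute_portal query=SELECT column_name FROM information_schema.columns WHERE table_name = 'consumers'
2017-05-13T10:00:09 user=dispute_portal query=SELECT ssn, dob, last_name FROM consumers LIMIT 1000
2017-05-13T10:00:12 user=dispute_portal query=SELECT ssn, dob, last_name FROM consumers LIMIT 1000 OFFSET 1000
2017-05-13T10:02:00 user=reporting query=SELECT count(*) FROM disputes
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) query=(?P<sql>.+)$")
# Catalog objects an application account normally has no reason to read.
SCHEMA_ENUM_RE = re.compile(r"\binformation_schema\.|\bsys\.(tables|columns)\b|\bpg_catalog\.", re.I)
# Columns whose paged extraction indicates bulk PII collection (assumed names).
PII_COLUMNS = {"ssn", "dob", "date_of_birth", "social_security"}
PAGING_RE = re.compile(r"\bLIMIT\s+\d+(\s+OFFSET\s+\d+)?", re.I)
SELECT_COLS_RE = re.compile(r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\b", re.I | re.S)


def parse(log_text):
    """Yield (timestamp, account, sql) for each well-formed audit line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["sql"]


def selected_columns(sql):
    """Lower-cased column list of a simple SELECT, or an empty set."""
    m = SELECT_COLS_RE.match(sql)
    if not m:
        return set()
    return {c.strip().lower() for c in m["cols"].split(",")}


def peak_in_window(timestamps, window):
    """Largest number of events falling inside any sliding window."""
    ts = sorted(timestamps)
    peak, j = 0, 0
    for i in range(len(ts)):
        while ts[j] < ts[i] - window:
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def analyze(log_text, window=timedelta(minutes=5)):
    """Per account: schema-enumeration queries, PII paging queries, peak query rate."""
    per_user = {}
    for ts, user, sql in parse(log_text):
        f = per_user.setdefault(user, {"timestamps": [], "schema_enumeration": [], "pii_paging": []})
        f["timestamps"].append(ts)
        if SCHEMA_ENUM_RE.search(sql):
            f["schema_enumeration"].append(sql)
        if selected_columns(sql) & PII_COLUMNS and PAGING_RE.search(sql):
            f["pii_paging"].append(sql)
    for f in per_user.values():
        f["peak_queries_in_window"] = peak_in_window(f.pop("timestamps"), window)
    return per_user


def suspicious_accounts(log_text, rate_threshold=4, window=timedelta(minutes=5)):
    """Accounts that tripped any of the three indicators, sorted by name."""
    flagged = []
    for user, f in analyze(log_text, window).items():
        if f["schema_enumeration"] or f["pii_paging"] or f["peak_queries_in_window"] >= rate_threshold:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    for user, findings in analyze(SAMPLE_LOG).items():
        print(user, findings)
    print("suspicious:", suspicious_accounts(SAMPLE_LOG))
```

On the constructed sample the portal account is flagged on all three indicators while the reporting account is not. In practice the rate threshold is set from a baseline of the application's normal query volume, and the audit log must be forwarded to a collector the database host cannot alter, since the indictment describes the intruders wiping traces on the systems they touched.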

Charges against the four include counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, as well as counts of unauthorized access and intentional damage to a protected computer, economic espionage, and wire fraud.
