Anthem Breach Evidence Points to China, Security Researchers Say
Security researchers have traced the theft of customer data from health insurer Anthem's data systems to a professor at a Chinese university with links to a defense contractor.

A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or "open-source" intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co.

A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK. "All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors' best efforts to shroud their origins," Barger said. "They made an effort to hide, but they messed up."
The analysis is the latest attempt to gain insight into the massive breach of Anthem, the largest health care insurer of the 37 companies that make up the Blue Cross Blue Shield Association. In early February, the company, formerly known as Wellpoint, announced that attackers may have accessed personally identifiable information on more than 80 million patients, including names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses and employment information. The information of other Blue Cross Blue Shield members who were treated in the regions served by Anthem may have also been compromised.