Anthem Breach Evidence Points to China, Security Researchers Say

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html

By Robert Lemos
eWEEK.com
2015-02-28

A new open-source intelligence analysis of the breach of health insurer 
Anthem has reinforced theories that the data theft leads back to a Chinese 
espionage program, security firm ThreatConnect stated on Feb. 27.

In the report, which is based on public sources or "open-source" 
intelligence, security researchers at ThreatConnect and other companies 
found technical evidence that linked the malware reportedly used in the 
Anthem attack to a Chinese espionage group and a professor at Southeast 
University, which works with a government contractor, Beijing Topsec 
Technology Co.

A variety of evidence—including email addresses, domains registered for 
the command-and-control servers and the certificate used to sign the 
malware—led back to the trio of actors, Rich Barger, chief intelligence 
officer for ThreatConnect, told eWEEK.

"All of this evidence, from the technical aspect, pointed back to China in 
numerous ways despite the actors' best efforts to shroud their origins," 
Barger said. "They made an effort to hide, but they messed up."

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/