Chinese Military Hackers Charged in Equifax Breach
Intrusion Affected Nearly Half of All Americans
Today, the U.S. Department of Justice announced charges against four Chinese military-backed hackers in connection with carrying out the 2017 cyberattack against Equifax, a consumer credit reporting agency. The intrusion led to the largest known theft of personally identifiable information ever carried out by state-sponsored actors.
Investigators had previously discovered and announced the type of malware that allowed the hackers to harvest addresses, birth dates, Social Security numbers, and other data on approximately 145 million Americans. Today’s indictment charges that members of the People’s Liberation Army—the armed forces of the People’s Republic of China—were behind that malware attack.
According to the indictment, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei exploited a vulnerability in the dispute resolution website within the Equifax system. From that initial access point, the hackers used a number of techniques to force their way into the company’s network and back-end databases.
In announcing the charges, U.S. Attorney General William Barr said the Equifax intrusion is among other efforts by the Chinese government to steal the personal data of Americans. The Justice Department believes the Chinese were also responsible for breaching systems controlled by the Office of Personnel Management, Marriott hotels, and the health insurance company Anthem.
“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence-targeting packages,” Barr said. “In addition to the thefts of sensitive personal data, our cases reveal a pattern of state-sponsored computer intrusions and thefts by China targeting trade secrets and confidential business information.”
To uncover the actors behind the Equifax theft, a broad and multinational investigative team led by the FBI’s Atlanta Field Office tracked the crime’s digital breadcrumbs back to the four co-conspirators—who allegedly used servers in multiple countries and approximately 40 different IP addresses to disguise the origin of the attack.
FBI Deputy Director David Bowdich said today’s announcement is “a testament to the hard work and determination of everyone involved in this investigation.”
Bowdich also said that although these types of breaches have become disturbingly common, businesses cannot become complacent about protecting data and consumers. “And as American citizens, we cannot be complacent about protecting our sensitive personal data,” Bowdich emphasized. “We in law enforcement will not let hackers off the hook just because they’re halfway around the world. We’ve got to do everything we can to keep people safe, secure, and confident online.”
You can find additional information about the Equifax data breach through the Federal Trade Commission at ftc.gov/equifax.
Learn more about protecting your personal and business systems and reporting cyber-enabled crime at the FBI’s Internet Crime Complaint Center.