Alston & Bird Privacy Blog

DOJ Indicts Chinese Military Personnel for Involvement in 2017 Equifax Breach

February 11, 2020 By Emily Poole

On February 10, 2020, the U.S. Department of Justice announced charges against four members of China’s People’s Liberation Army (“PLA”) for their alleged involvement in the 2017 Equifax hack that resulted in the theft of the personal information of 145 million Americans.

In the nine-count indictment, the four individuals, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei, members of the PLA’s 54th Research Institute, were charged with computer fraud, economic espionage, and wire fraud for allegedly conspiring to hack into Equifax’s networks, maintain unauthorized access to those computers, and steal sensitive information, including trade secrets.

The indictment provides significant detail on the attackers’ methods, explaining that in the months leading up to July 2017, the hackers allegedly exploited a vulnerability in the Apache software used in the company’s ‘online dispute’ portal, which allowed them to upload multiple unauthorized web shells to a company web server. The attackers then conducted detailed reconnaissance over the course of several weeks before locating and using the credentials of a company database service account to access certain back-end databases containing sensitive information. According to the indictment, the hackers ran approximately 9,000 queries to search for and extract data from the databases.

In order to evade detection, the attackers allegedly “routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location, used encrypted communication channels within the company’s network to blend in with normal network activity, and deleted compressed files and wiped log files on a daily basis in an effort to eliminate records of their activity.”

The indictments reflect a recent concerted effort by the Department of Justice to bring charges against state-sponsored hackers following attacks on American companies. Prior to 2018, the only U.S. indictment against Chinese state-sponsored hackers was in 2014, when a grand jury indicted five Chinese military hackers for computer hacking, economic espionage, and other offenses targeting American companies. Since 2018, the Department of Justice has brought charges against Chinese state-sponsored hackers for a series of attacks, including an October 2018 indictment against two Chinese intelligence officers and a December 2018 indictment of two members of the hacking group known as APT10, which is associated with the Chinese Ministry of State Security.

Filed Under: China, Cybersecurity, National Security Tagged With: Department of Justice (DOJ)

About Emily Poole

Emily Poole is an associate on Alston & Bird’s Privacy & Data Security and Cybersecurity Preparedness & Response teams. She focuses her practice on cybersecurity and privacy compliance and enforcement, as well as emerging technology issues.


This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.

