China on Friday rejected accusations it was behind a hacking attack that saw data on up to 80 million customers stolen from health insurance giant Anthem as "groundless".
The Bloomberg News agency cited three people with knowledge of Anthem's investigation as saying cybersleuths believed the breach bore the hallmarks of previous attacks blamed on Chinese hackers.
"The US side should not make groundless accusations against China," foreign ministry spokesman Hong Lei said at a regular briefing in Beijing.
"It is unreasonable to make an accusation without enough evidence."
The cyberattack is the latest where U.S. investigators say evidence points to China. FBI director James Comey last October said it was at the "top of the list" of countries launching cyberattacks on U.S. firms.
Last year, five members of a Chinese army hacking team known as Unit 61398 were indicted by federal prosecutors on charges of stealing information from companies, including nuclear plant manufacturer Westinghouse, SolarWorld and U.S. Steel.
"It is very difficult to determine the source of hacking activities, especially when it is carried out across borders," Hong said.
The information stolen from Anthem includes names, birth dates, social security numbers, street addresses, email addresses and employment information, the company said.
Bloomberg and The Wall Street Journal reported that while the investigation into the attack was in its early stages, there were indications it could be part of a broader spying campaign rather than profit-driven identity theft.
With details about a person's medical records, for example, cyber spies could craft emails that appeared legitimate to business or government agency workers but were rigged with malicious software to gain access to their employers' computer networks.
The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group -- defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.
The Anthem theft follows breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully. Though President Barack Obama promised action against North Korea after the destruction of property at Sony Pictures Entertainment, corporations and the government have struggled to come up with appropriate responses to attacks that fall into a gray area between espionage and crime.
Technical details of the attack include “fingerprints” of a nation-state, according to two people familiar with the investigation, who said China is the early suspect.
The Federal Bureau of Investigation is leading the investigation, according to Anthem, which has hired FireEye Inc., a Milpitas, California-based security company, to assist.
Hackers could use stolen information -- which Anthem said in its case included birth dates and e-mail addresses -- to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the U.S. official.
Michael Daniel, President Obama’s chief adviser on cybersecurity, said this morning that he was among the Anthem customers who had their personal information taken.
Among those insured by Anthem have been employees of Northrop Grumman Corporation, according to the insurer’s website, while the company has processed claims for workers at The Boeing Company in Missouri. Boeing has about 15,000 workers in Missouri, where the company’s defense unit is based. Those and other defense contractors could be of interest to foreign intelligence organizations.
Anthem spokeswoman Kristin Binns declined to comment.
John Dern, a spokesman for Boeing, and Mark Root, a spokesman for Northrop Grumman, didn’t immediately comment. Jenny Shearer, a spokeswoman for the FBI, declined to comment.
In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, California-based cybersecurity firm. He declined to name any of the companies affected.
“This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.”
That doesn’t mean that personal information wouldn’t make its way to criminals, he cautioned, pointing to the possibility of moonlighting by hackers who work by day for China.
A different major U.S. health insurer was breached recently by Chinese hackers, according to a person involved in that investigation, who asked not to be identified because the matter is confidential. In that case, investigators concluded that the goal of the hack was to obtain information on the employees of a defense contractor that makes advanced avionics and other weaponry, said the person, who declined to identify the insurer.
The hackers first hijacked a translation website that the insurer’s customer representatives used when dealing with foreign clients, using it to implant malware on the company’s computers, the person said.
“A lot of these healthcare companies have a lot of very trusted relationships at the network level and the corporate level to some very hard targets on the federal side and the commercial side,” said Orion Hindawi, co-founder and chief technology officer for Tanium Inc., a Berkeley, California-based security firm that is used by banks, healthcare and other companies.
“The healthcare environment is in an unfortunate position: It didn’t expect to be a high, heavy target five years ago, so they didn’t prepare,” Hindawi said. “They didn’t expect to have advanced threats from nation-state actors targeting them.”
At Anthem, officials detected the theft of the trove of customer information as it was being sent from its computers on Jan. 29, according to one of the people.
Meyers said the breach fits the pattern of a hacking unit that Crowdstrike calls Deep Panda, which over the last several months has targeted both defense contractors and the health care industry.
The Anthem investigation is young, several people involved cautioned, saying the final determination of the hackers’ identity could ultimately change. The estimated number of customers whose data was stolen could also turn out to be lower, one of the people said.
U.S. intelligence officials have been increasingly concerned that repeated attacks on medical and pharmaceutical firms are at least in part efforts to obtain personal information for espionage purposes.
Two officials, who spoke on condition of anonymity to discuss classified efforts to pursue the attackers, said a number of the attacks came from the People’s Liberation Army’s Unit 61398. Five members of that Shanghai-based hacking unit were indicted by federal prosecutors last year.
A different and more sophisticated group attacked Anthem, based on initial indications, two people familiar with the investigation said.
Like many other Chinese hacking campaigns, the attacks appear to serve multiple purposes -- one commercial and the other related to national security -- said one of the U.S. officials. The attacks, this official and a former intelligence officer said, can test a firm’s ability to protect intellectual property and financial information, while simultaneously stealing prescription records, medical treatment histories and other personal information that could be used to blackmail individuals to reveal national security and trade secrets.
The attacks apply new technology to some of the oldest espionage trade craft in the world, the former official added.
© 2023 Newsmax. All rights reserved.