Monday, June 3, 2019
On May 9, 2019, the United States Department of Justice announced the indictment of two Chinese Nationals as members of a sophisticated hacking group responsible for the hack of Anthem, Inc. and other unnamed U.S. based large technology, communications, and basic materials companies. The hack resulted in the breach of personally identifiable information of over 78 million individuals held by Anthem and the theft of confidential business information from the victimized organizations. The indictment provides a roadmap to advanced hacking attacks regularly faced by technology, healthcare, and infrastructure organizations with valuable data to protect. The indictment serves as a reminder that organizations subject to advanced persistent threat from organized hacking groups should adopt a defense in depth strategy including workforce cybersecurity training, vulnerability scanning, network monitoring and comprehensive incident response plans to thwart or mitigate these attacks. These protective countermeasures should be part of the organization’s formalized information security program.
According to DOJ, the hackers are allegedly part of a sophisticated hacking group operating inside China targeting large businesses within the United States. The hackers allegedly picked their targets because they stored large amounts of confidential business information on their computer networks. The hackers used a combination of social engineering (i.e., spear phishing), backdoor malware, privilege escalation, and encrypted file transfers to attack the networks and steal personal and confidential business information.
The indictment highlights the sophisticated hacking techniques used by advanced hacking groups and the importance of adopting appropriate countermeasures as part of a st ..
Support the originator by clicking the read the rest link below.
