At last, there is someone convicted for the long lost Equifax data breach. US Department of Justice has today named four Chinese hackers to be responsible for the Equifax data breach in 2016. William Barr, the US General Attorney has today spoken in a press conference revealing about the case.
The Convicts and the story
William Barr says the four persons – Liu Lei, Wang Qian, Wu Zhiyong, and Xu Ke are believed to be members of the Chinese People Liberation Army (PLA)! Barr claims that these four convicts belonged to the 54th Research Institute of PLA, have not only stolen the data of millions, but also the company’s proprietary data.
The timeline says the actual breach happened in summer 2016, and Equifax disclosed it in September 2017. The breach not just comprised of Americans records, but also millions of British and Canadians too. Nevertheless, Americans were the ones highly affected with more than 145.5 million records!
All started with the hackers finding a vulnerability in one of the Equifax’s servers. It’s identified to be Apache Struts server, which serves the firm’s online dispute portal and was unpatched! This led the adversaries to gain access and steal the sensitive data of millions of civilians.
FBI revealed that case was initially challenging, as Equifax has little facts (oy 40 suspected IP addresses) at the start to proceed. Later in September 2018, Equifax published a report detailing the pre and post events of the hack.
William Barr said, “We don’t usually bring criminal charges against military and intelligence officers. There are exceptions though.” Though there are numerous intelligence cases to be concerned about, adversaries focusing on breaching the civilian information and safety are considered first.
The US has previously charged many cybercriminals for such acts. And in terms of Chinese, Equifax conviction marks next to 2014 breach on several US companies. As if now, there are over 1000 cases relating to Chinese hackers handled by the FBI. And most of them are somehow linked to being from State-sponsored groups, APTs.
Source – ZDNet