By Dustin Volz 

This article is being republished as part of our daily reproduction of WSJ.com articles that also appeared in the U.S. print edition of The Wall Street Journal (May 10, 2019).

A Chinese national and an unnamed co-defendant were indicted on Thursday on computer hacking charges related to a campaign to breach large U.S. businesses, including the 2015 theft of data from health insurer Anthem Inc., the Justice Department said.

Fujie Wang, 32 years old, and another individual were accused in a four-count indictment of working for what prosecutors described as "an extremely sophisticated hacking group operating in China," though they didn't name the group.

"The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history," said U.S. assistant attorney general Brian Benczkowski in a statement.

In addition to Anthem, the hackers are accused of breaching at least three other U.S. businesses, none of which were named in the indictment.

Prosecutors were unable to find clear links between the attacks and the Chinese state, according to people familiar with the case. But the charges are the latest in a series of prosecutions to emerge in recent months accusing either the Chinese government or Chinese nationals of making cyberattacks against U.S. companies, an effort that has coincided with the Trump administration's tough posture with Beijing over trade disputes. The FBI and Justice Department have said that Chinese economic espionage, often driven by cyberattacks, is a major strategic threat.

Cybersecurity experts and U.S. officials have long suspected Chinese actors were responsible for the attack on Anthem, which pilfered data like social security numbers, addresses and employment information from nearly 80 million people. The indictment didn't address whether the Chinese actors had a connection with the Chinese government.

"There is no evidence that information obtained through the 2015 cyberattack targeting Anthem has resulted in fraud," a spokeswoman for Anthem said.

The Anthem breach was one of the largest on record when it surfaced, but has been eclipsed by several far larger cyberattacks in the years since. The insurer agreed in 2017 to pay $115 million to settle litigation related to the hack, which lawyers described at the time as the largest settlement ever for a data breach. The money was used to pay for two years of credit monitoring.

The indictment alleges the hackers engaged in sophisticated techniques to hack into corporate networks, including through so-called spear-phishing attacks, the practice of targeting individuals by leveraging public information and posing as a known or trustworthy sender. Once inside victims' computers, the hackers are alleged to have "patiently waited months" before stealing data.

The FBI released a wanted poster of Mr. Wang, stating he was known to reside in Shenzhen, China.

Prosecutors described a persistent, yearlong campaign to break into U.S. corporate networks that began in February 2014 and was geared toward harvesting personally identifiable information and confidential business information. After seizing information on victim networks, the defendants used encrypted archive files to send the purloined data through multiple computers back to destinations in China in part by using the Citrix ShareFile data-storage and transfer service, prosecutors said.

Once the data arrived back in China, the defendants deleted the encrypted archive files to avoid detection, prosecutors said.

Investigators said they found evidence of an intrusion into Anthem as early as May 2014. The other three companies, described as part of the technology, basic-materials and communications-services sectors, were hit in September 2014, October 2014 and January 2015, according to the indictment.

FBI officials praised Anthem's cooperation during the investigation.

"Because the victim companies promptly notified the FBI of malicious cyber activity, we were able to successfully investigate and identify the perpetrators," said Matt Gorham, the assistant director of the FBI cyber division.

In 2015, the cybersecurity company ThreatConnect said it had uncovered forensic links between Chinese state-sponsored researchers and the hack of Anthem, supporting a view shared by many other security experts and U.S. officials.

But prosecutors often encounter challenges compiling enough declassified evidence to identify and charge hackers, and discerning direct connections to a government is often the hardest part of a cyber investigation, according to former U.S. officials and security experts.

"We have seen incidents where criminals working for a state security service have been in the systems carrying out their criminal schemes while simultaneously serving the interests and responding to tasking from a security service," said John Hultquist, director of intelligence analysis at the cybersecurity company FireEye.

--Aruna Viswanatha contributed to this article.

Write to Dustin Volz at dustin.volz@wsj.com

Corrections & Amplifications

The FBI released a wanted poster of Fujie Wang, stating he was known to reside in Shenzhen, China. An earlier version of this article incorrectly referred to him as Mr. Fujie on second reference. Fujie is Mr. Wang's first name. (May 9, 2019)

 

(END) Dow Jones Newswires

May 10, 2019 02:47 ET (06:47 GMT)

Copyright (c) 2019 Dow Jones & Company, Inc.