The United States Department of Justice officially charged 4 members of the China’s PLA’s 54th Research Institute, a division of the Chinese military, with hacking into credit reporting agency Equifax.
The four members of the Chinese military unit are Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊), the DoJ’s indictment also states that they have stolen corporate intellectual property (IP) from the company.
The four men are still at large, residing in China.
In September 2017, Equifax Inc.
According to Attorney General William Barr and FBI Deputy Director David Bowdich, the Equifax data breach is one of the largest hacking case ever uncovered of this type.
“A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s L
The nine-count indictment alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke
(许可) and Liu Lei (刘磊) were members of the PLA’s 54
The Equifax hack was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The vulnerability was fixed in March 2017, but the credit reporting agency did not update its systems, the thesis was also reported by an Apache spokeswoman to the Reuters agency.
“They used this access to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials that could be used to further navigate Equifax’s network. The defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system,” the DoJ continues.
According to the indictment, the state-sponsored hackers ran approximately 9,000 queries on Equifax’s
The hackers attempted to evade detection by routing the traffic through approximately 34 servers located in nearly 20 countries, they used encrypted communication channels within Equifax’s network to hide malicious the malicious traffic and wiped log files on a daily basis.
In July 2019, The Wall Street Journal revealed that Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. The company was also fined £500,000 by the U.K.’s privacy watchdog for failing to take appropriate steps to protect its customers.
“Today’s announcement of these indictments further highlights our commitment to imposing consequences on
(SecurityAffairs – hacking, Equifax)