Security firm ThreatConnect on Friday released a detailed report tying Chinese state hackers to the massive data breach at Anthem.
The malicious software used to breach the health insurer mirrors the malware used in a previous attempted Chinese hack on a small U.S. defense contractor, the company found. The researchers were also able to trace the incident back to entities with ties to the Chinese military and intelligence agency.
“The Anthem breach exposes the insidious reality of modern Chinese cyber espionage as it continues its unrelenting strikes at the soft underbelly of the American way of life,” the report said.
The details come as the FBI has said it is almost certain of who is behind the breach, which exposed the information of nearly 80 million customers at Anthem.
“We’re close already,” said Robert Anderson, who leads the FBI’s Criminal, Cyber, Response and Services Branch, during a Tuesday roundtable with reporters. “But we’re not going to say it until we’re absolutely sure.”
Even then, the FBI “may or may not” tell the public its conclusions, for fear of damaging other ongoing investigations, Anderson added.
News reports had previously linked the Chinese to the Anthem breach within days of it occurring.
ThreatConnect offered more conclusive evidence.
The firm tied the Anthem breach to Chinese efforts last year to target VAE, a Virginia-based defense contractor. Those attempts were launched from a computer server used by a Chinese university and a Chinese security company.
The two — Southeast University’s Information Security Research Center in Nanjing and Beijing Topsec Network Security Technology — also used those same servers to host a hacking competition that is seen as a breeding ground for the Chinese military and intelligence agency.