The US Department of Justice charged four members of the Chinese liberation army with hacking into the computer systems of Equifax and stealing users' personal information and trade secrets.
According to the investigation reports, the Chinese hackers were behind the malware attack that allowed them to harvest addresses, birth dates, Social Security numbers, and other data on approximately 145 million Americans.
To gain access to the systems, the attackers exploited a vulnerability in the Apache Struts Web Framework software. By exploiting the vulnerability, they harvested login credentials to steal other data.
They remained undetected for several weeks and extracted the PII from the database by running a series of database queries.
“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” reads the indictment.
To evade detection, they routed the traffic through 34 servers located in 20 countries to hide their location.
They also used an encrypted channel blended in with the Equifax network, and deleted compressed files and log activity daily, to evade detection.
“The defendants Wang Qian, Xu Ke, Liu Lei, and Wu Zhiyong are charged with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud.”
They are also charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud.
“Today’s announcement of these indictments further highlights our commitment to imposing consequences on cyber criminals no matter who they are, where they are, or what country’s uniform they wear,” said FBI Deputy Director David Bowdich.