[ISN] Anthem Breach Evidence Points to China, Security Researchers Say

http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html By Robert Lemos eWEEK.com 2015-02-28 A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co. A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK. “All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors’ best efforts to shroud their origins,” Barger said. “They made an effort to hide, but they messed up.” […]