The US Justice Department has charged two people in China over their alleged role in a high-profile hacking campaign that started in 2014 and stole reams of people’s personal information from multiple companies.
Only one of four companies identified as victims in the indictment, the insurance company Anthem, is named. At the time, Anthem’s hack was one of the largest of its kind, with nearly 80 million people’s information, including birthdays and Social Security Numbers, leaked. The other companies were identified as being in the technology, basic materials and communication services industries.
A number of companies were hacked in the months before and after the Anthem hack, including other insurance companies such as Community Health Systems, as well as the federal Office of Personnel Management (OPM). The latter attack exposed sensitive personal information of about 21.5 million government workers.
The Justice Department doesn’t accuse either person — Fujie Wang and someone identified only as John Doe — of working for Chinese intelligence services.
Cybersecurity experts have long speculated that the campaign against Anthem and others had ties to Chinese intelligence, and was perpetrated by the same actors that hacked OPM. In September, National Security Advisor John Bolton indicated the OPM hack was the work of the Chinese government.
The United States generally only seeks to charge hackers who work for foreign intelligence services when their activities breach norms the US would like others to follow, such as the use of reckless ransomware and interfering with elections. With China, charges have mostly been against government hackers accused of stealing American trade secrets to give to Chinese businesses.