'; if(pArray.length >= 4) { i=2; } else if(pArray.length >= 3) { i=2; inline = ''; } else if(pArray.length >= 2) { i=1; inline = ''; } else if(pArray.length === 1) { i=0; inline = ''; } $('#librarydrawer_story_container script').each(function() { $(this).remove(); }); $(pArray[pArray.length - 1]).after(subscribeBox); $(pArray[i]).after(inline).after($('#librarydrawer_story_container')); $('#text-story').focus(function() { if ($(this).val() == 'EMAIL ADDRESS') { $(this).css({color: '#000000', backgroundColor: '#ffffff'}); $(this).val(''); } }); $('#text-story').blur(function() { var trim = $(this).val().replace(/[\s]/g, ''); if(trim === '') { $(this).val('EMAIL ADDRESS'); $(this).css({color: '#666666', backgroundColor: '#f8f8f8', border: '#666666 1px solid'}); } }); $('.content-subscribe .btn-submit').click(function() { var val = $('.content-subscribe .text').val(); if(val.search(/[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/gi) === -1) { $('.content-subscribe .text').css('border', '#ff6600 1px solid'); $('.content-subscribe .text').focus(); return false; } return true; }); }); //-->

Anthem attack traced to sophisticated cyberespionage group 'Black Vine'

Formidable, highly resourced attack group targeting the healthcare industry, among others

The breach that compromised personal information for roughly 80 million Anthem members announced earlier this year was likely the work of a sophisticated cyberespionage group, according to a whitepaper from software company Symantec. It calls the hackers "Black Vine." 

"Black Vine is a formidable, highly resourced attack group, which is equipped to conduct cyberespionage against targeted organizations," Symantec said in a blog post. "Based on our records of its past campaigns, Symantec believes that Black Vine's malicious activity will continue."

The Anthem attack, the largest known breach to date in the healthcare industry, was already linked to China. Hackers used the same Chinese software in an attempted attack on Reston, Virginia-based defense contractor VAE, FierceHealthIT previously reported.

Symantec says it's likely that some Black Vine actors are connected to a Beijing-based IT security firm called Topsec.

The evidence:

  • Other third-party vendors cited the same variant in their research into the attack
  • The Anthem attackers also used a digital certificate to sign the malware, which was seen before in other Black Vine attacks
  • Multiple domains used in the Anthem breach were found on Black Vine's infrastructure

Symantec determined that Black Vine has been conducting attacks since at least 2012, focusing on the healthcare, energy and aerospace industries. In many of its attacks, Black Vine delivered malware onto the victim's computer after exploiting a zero-day vulnerability through watering-hole attacks.

Once the malware was on the computer system, Black Vine was able to open back doors and execute files and commands, delete, modify and create registry keys and gather information from the infected computer.

To learn more:
- here's the Symantec whitepaper (.pdf) and blog post

Related Articles:
Anthem hack compromises info for 80 million customers
Anthem faces lawsuits over data breach
FBI warns healthcare of vulnerability to cyberattacks
Details emerge in Anthem hack