Group that hacked Anthem shared weaponized 0-days with rival attackers
An attack in early 2014 on Anthem, the No. 2 US health insurer, was by most measuring sticks a historic hack, leading to the biggest healthcare data breach ever. New evidence unearthed by researchers from security firm Symantec, however, shows it was business as usual for the hacking group, which over the past three years has carried out more than a dozen similar attacks.
Dubbed Black Vine, the group is well financed enough to have a reliable stream of weaponized exploits for zero-day vulnerabilities in Microsoft’s Internet Explorer browser. Since 2012, the gang has brazenly infected websites frequented by executives in the aerospace, energy, military, and technology industries and then used the compromises to siphon blueprints, designs, and other intellectual property from the executives’ organizations. The targeting of Anthem appears to have been a secondary interest, intended to advance the group's primary interest in aerospace, energy, and similar industries, rather than an effort to obtain healthcare information for its own sake.
“If someone just has Vikram’s healthcare records, overall there’s very little gain,” Vikram Thakur, senior security researcher with Symantec, told Ars, as he described the motivations of the Black Vine group hacking Anthem. “But then you get healthcare information about a Vikram working for a government entity or a defense contractor, there is substantial value in that. This is the kind of data that’s used in combination with something else to reach an entirely non-healthcare related goal.”