Anthem attack traced to sophisticated cyberespionage group 'Black Vine'

The breach announced earlier this year that compromised personal information for roughly 80 million Anthem members was likely the work of a sophisticated cyberespionage group, according to a whitepaper from software company Symantec. It calls the hackers "Black Vine."

"Black Vine is a formidable, highly resourced attack group, which is equipped to conduct cyberespionage against targeted organizations," Symantec said in a blog post. "Based on our records of its past campaigns, Symantec believes that Black Vine's malicious activity will continue."

The Anthem attack, the largest known breach to date in the healthcare industry, was already linked to China. Hackers used the same Chinese software in an attempted attack on Reston, Virginia-based defense contractor VAE, FierceHealthIT previously reported.

Symantec says it's likely that some Black Vine actors are connected to a Beijing-based IT security firm called Topsec.

The evidence:

  • Other third-party vendors cited the same variant in their research into the attack
  • The Anthem attackers also used a digital certificate to sign the malware, which was seen before in other Black Vine attacks
  • Multiple domains used in the Anthem breach were found on Black Vine's infrastructure

Symantec determined that Black Vine has been conducting attacks since at least 2012, focusing on the healthcare, energy and aerospace industries. In many of its attacks, Black Vine delivered malware onto the victim's computer after exploiting a zero-day vulnerability through watering-hole attacks.

Once the malware was on the computer system, Black Vine was able to open back doors; execute files and commands; delete, modify and create registry keys; and gather information from the infected computer.

To learn more:
- here's the Symantec whitepaper (.pdf) and blog post
