Anthem Hack One of Dozens From Black Vine

July 29, 2015 at 1:13 pm By

A huge hack on the Anthem health insurance company left the companies insured open to potentially big dangers, including anyone who classifies as a government worker. What is more dangerous, is the fact that it’s not the first time Black Vine has been successful with such hacks.

An attack in early 2014 on Anthem, the No. 2 US health insurer, was by most measuring sticks a historic hack, leading to the biggest healthcare data breach ever,” according to Arstechnica. 

Dubbed Black Vine, the group is well financed enough to have a reliable stream of weaponized exploits for zero-day vulnerabilities in Microsoft’s Internet Explorer browser.

The notorious hacking group shared their weapon of choice called 0-days with other rival hackers and have also used the exploit against executives in aerospace, energy, military and technology industries according to the report. The exploit proves to be a lot more dangerous to high officials or government workers because it exposes data that when paired with other goals can be threatening to the party involved.

If someone just has Vikram’s healthcare records, overall there’s very little gain,” Vikram Thakur, senior security researcher with Symantec, told Arstechnica, when describing the motivations of the Black Vine group hacking Anthem.

“But then you get healthcare information about a Vikram working for a government entity or a defense contractor, there is substantial value in that. This is the kind of data that’s used in combination with something else to reach an entirely non-healthcare related goal.”

Thakur pointed out that if the Black Vine hackers are sharing this technology with other groups they would be reaching a stage that is ver close to organized crime in terms of the way they deal the 0-days exploit.

Read the full story.