Here's how the Equifax hackers avoided detection

News
By
published

Court filings reveal exact mechanism behind huge Equifax breach

(Image credit: Pixabay)

New court filings have revealed the Equifax hackers used a known but unpatched software vulnerability to infiltrate the company’s systems.

The US Justice Department has accused four Chinese military officers of conducting the attack, which saw the personal data of over 147 million Equifax customers stolen in 2017.

The credit reporting agency’s system remained compromised for a period of two months, during which the names and social security numbers of almost half the US were stolen.

The allegedly state-sponsored attackers evaded detection by passing their internet traffic through servers in nearly 20 countries, extracting data in compressed files and wiping computer logs.

Equifax hack

Unlike other incidents of this kind, the Equifax hackers didn’t leave as much as a fingerprint in the system. This allowed them to evade detection for an extended period and made identifying the culprits extremely difficult for investigators.

Rather than re-routing to infected domains to spread malware, the hackers directly connected malicious code to a server, allowing them to scrape data from the network remotely.

The group also used a series of perfectly kosher administration tools, including encrypted communication channels, which allowed them to pose as normal network participants. They also swept up data that might expose them on a daily basis.

The FBI eventually unpicked the complex web of re-directs and cloaking techniques to identify the four individuals responsible, though the Chinese government denies involvement.

Timo Steffens, formerly of the Justice Department, described the hackers' methods as “the modern version of changing your identity and growing a beard and colouring your hair.”

“There were times when we thought we had a lead outside China, hemispheres away, and it required chasing all that down,” he added.

Equifax reached an agreement with US regulators in July, which will see it pay out up to $700 million (and at least $575 million). This remains the largest penalty ever issued for a data breach.

Via CyberScoop

Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
iPad Air M3
Apple makes one hardware change to the iPad Air that might be the best indicator of its true lightweight tablet intentions
Shure MoveMic 88+ lifestyle image
Shure's tiny MoveMic 88+ gives creators a cheap and easy way to record crystal clear audio on a smartphone
An operator fires a saw blade from a weapon
Call of Duty: Black Ops 6 Season 3 gets two-week delay, will now release in April
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
AI data center

Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases
See more latest
Most Popular
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Copilot on a laptop
Microsoft quietly updates Copilot to cut down on unauthorized Windows activations
Shure MoveMic 88+ lifestyle image
Shure's tiny MoveMic 88+ gives creators a cheap and easy way to record crystal clear audio on a smartphone
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
Vado SL 2
Specialized says calling its new Vado SL 2 Alloy an e-bike is still an insult – here's why
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Next-Gen Google TV
Google TV's Gemini Live support and other updates seemingly confirmed by new user survey – here's what to expect
iPad Air M3
Apple makes one hardware change to the iPad Air that might be the best indicator of its true lightweight tablet intentions