VERY IMPORTANT

Earlier this year, the second largest health insurance provider in the US publicly disclosed that it had been the victim of a major cyberattack. The attack against Anthem resulted in the largest known healthcare data breach to date, with 80 million patient records exposed. Symantec believes that the attackers behind the Anthem breach are part of a highly resourceful cyberespionage group called Black Vine. The Anthem attack is only one of multiple campaigns that Symantec has attributed to this group. Symantec’s latest whitepaper documents multiple Black Vine operations that have been occurring since 2012. Black Vine’s targets include gas turbine manufacturers, large aerospace and aviation companies, healthcare providers, and more. The group has access to zero-day exploits, most likely obtained through the Elderwood framework, and uses custom-developed back door malware. By connecting multiple Black Vine campaigns, we traced how the attack group has evolved over the last three years.