The Anthem Breach – The WHO and HOW

It has been reported that the Chinese state-sponsored hacking group known as Deep Panda (aka Shell_Crew, Web Masters, KungFu Kittens, SportsFans, and Pink Panther) was involved in the Anthem data breach. This group, which has been on the radar of law enforcement and security firms for several years, has been associated with a number of other attacks on government, defense, telecommunications, financial and legal organizations, both in the US and abroad.

How They Might Have Gotten In

According to separate reports published by the FBI and the RSA Incident Response team at EMC, Deep Panda has successfully used Adobe Flash zero-day exploits and web application vulnerabilities (including, coincidentally, in another Adobe product, ColdFusion) to gain network access.

How They Were Detected

KrebsOnSecurity obtained a memo from an internal source at Anthem indicating that the intruders were on Anthem’s network for at least 7 weeks: the initial compromise occurred on or before Dec 10th and was not discovered until January 27th, when a database administrator noticed a suspicious database query running under their credentials.
