Wang and Doe reportedly used “extremely sophisticated techniques,” including specially-tailored spear-phishing emails with embedded hyperlinks. When employees of the targeted businesses clicked the hyperlinks, a file downloaded and deployed malware, which created a backdoor to the computer systems. In some cases, the defendants waited months before taking further action. Then, they allegedly encrypted the stolen files and sent them through multiple computers to servers in China.

When the Anthem attack occurred, the company was quick to detect it and to alert the FBI. That was a key factor in being able to determine who was responsible and “should serve as an example to other organizations that might find themselves in a similar situation,” said Special Agent in Charge Grant Mendenhall. The Justice Department says it will aggressively prosecute perpetrators of hacking schemes like these. However, the charges in this indictment are merely allegations, and Wang and Doe are presumed innocent until proven guilty.