Looking Back to Look Forward: The Anthem Breach
ID: 1b3c00a3-91d3-508f-b541-b6693bc8fc2e
STIX ID: report--1b3c00a3-91d3-508f-b541-b6693bc8fc2e
Feed Name: DomainTools
This report summarizes DomainTools/ThreatConnect analysis of the Anthem breach, which leaked approximately 80 million records. The analysis attributes the breach to Chinese-aligned actors by connecting the malware C2 domains (we11point.com, topsec2014.com), the IP address 192.199.254.126, and the registrant emails ([email protected], [email protected]) to a professor at Nanjing Southeast University with potential PLA links. It outlines the investigative steps, the key indicators, and practical defensive recommendations such as monitoring typo-squatter domains and using reverse WHOIS and domain-history tools.
