A report by Reuters has found that a team of hackers linked to the Chinese Ministry of State Security broke into the systems of eight major managed service providers (MSPs). This global cyber-espionage campaign, known as “Cloud Hopper” in the security community, is believed to have been active for the past few years.
The team of hackers is known within the security community by the name APT10. This group targeted managed IT service providers in order to gain access to the sensitive data of the providers' clients around the world. It targeted organizations in countries including Canada, Brazil, the United Kingdom, France, Norway, Finland, Switzerland, South Africa, South Korea, Australia, Japan, and India.
According to a report by PwC UK and BAE Systems, the group targeted both low-profile and high-value systems to gain a high level of access, and it also identified and subsequently installed malware on low-profile systems that provide non-critical support functions to the business. This was to ensure that they drew less attention from system administrators.
For their participation in this campaign, a U.S. indictment in December last year accused two Chinese nationals of identity theft and fraud. Their names, as cited by the FBI, are Zhu Hua and Zhang Shilong. At that time, Reuters reported that two of the companies which had fallen victim to this espionage were Hewlett Packard Enterprise and IBM.
Now, Reuters has found that Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology (HPE’s spun-off services arm) were also affected by the Cloud Hopper attacks. The list is not limited to these names. Reuters also identified several clients of the affected service providers, among which Ericsson, Huntington Ingalls Industries (a company which builds American nuclear submarines) and Sabre (a travel technology company) are the key ones.
In an interview with Reuters, HPE spokesman Adam Bauer said, “We remain vigilant in our efforts to protect against the evolving threats of cyber-crimes committed by state actors.” He added, “The company worked diligently for our customers to mitigate this attack and protect their information.”
The attack method involved infiltrating the service provider by “spear phishing” its employees: targeted emails trick the victim into giving away information such as passwords or into downloading malware. Once inside, the attackers mapped out the victim's network and identified sensitive data. The next step involved collecting and encrypting this data.
This attack brings into the spotlight the security issues related to cloud computing. Most of the companies whose data was compromised carried out an extensive amount of their work through cloud computing.
It should be noted that most of the victims were competitors of various Chinese ventures. This leads to the conclusion that these attacks were carried out to gain an economic advantage. While the Chinese government has been held responsible for these attacks, it has denied all accusations.
In a statement to Reuters, the Chinese Foreign Ministry said, “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets.” It also said that these charges were unwarranted accusations and that, if the U.S. does not withdraw the lawsuits, it would cause serious harm to trade relations between the two countries.