Over the past year, Western media organizations have published a non-stop stream of reports about "Operation Cloudhopper": The Chinese government's clandestine program to spy on and siphon economic secrets from some of the world's largest tech companies.
We have shared somedetails of the program before: China's Ministry of State Security has worked with a shadowy group of hackers called 'Advanced Persistent Threat' 10 to infiltrate American and European enterprise tech firms using a very consistent MO: Hackers would infiltrate the cloud computing networks of 'managed service providers', then 'hop' from network to network', gaining entree to the networks of these firms' clients. Back in December, the US named some of the hackers suspected of working with APT10, and was backed up by Germany, New Zealand, Canada, Britain, Australia and other allies all issued statements.
But as devastating as these attacks have been, the details have been kept under wraps, as corporate victims have pushed for their privacy to be protected. But for the first time since the US indicted the two suspected APT members, a sweeping Reuters investigation has laid out details of attacks, many of which have been previously reported, but not in quite as much depth.
An investigation by Reuters found that "Cloud Hopper" impacted six additional firms aside from IBM and HPE, which it had previously reported. These included at least five of the world's 10 largest tech service firms. In addition to HPE and IBM, the hacks emanated out to those firms' clients, including Swedish telecoms firm Ericsson, and a handful of Japanese fims. Ultimately, industrial and commercial secrets were stolen.
The hacking campaign, known as “Cloud Hopper,” was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud.Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.
Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.
On what has been an otherwise relatively slow news day as President Trump heads to Japan for this weekend's G-20 summit, the Associated Press has joined Reuters in publishing an expose about a cyberespionage campaign that just might have its origins in Beijing.
According to the AP, which sourced its story from a presentation given by the head of Cybereason, a global cybersecurity contractor brought in by telecoms firms to trace the source of another potentially major breach, a group of possibly state-backed hackers infiltrated the system of an unnamed telecoms giant to spy on a group of unnamed "VIPs" call records, location data and other information. The hack essentially allowed the hackers to track the movements and activities of the targets. And because the hack occurred at the service-provider level, it would be virtually impossible for the 20 or so end-user targets to discover the breach on their own. In essence, the hackers were able to transform the targeted firm into a "global surveillance system."
Cybereason Chief Executive Lior Div said because customers weren’t directly targeted, they might never discover that their every movement was being monitored by a hostile power.
The hackers have turned the affected telecoms into "a global surveillance system," Div said in a telephone interview. "Those individuals don’t know they were hacked - because they weren’t."
Div, who presented his findings at the Cyber Week conference in Tel Aviv, provided scant details about who was targeted in the hack. He said Cybereason had been called in to help an unidentified cellular provider last year and discovered that the hackers had broken into the firm’s billing server, where call records are logged.
The hackers were using their access to extract the data of "around 20" customers, Div said.