Hackers working for Chinese government targeted eight major tech service providers for years
Infamous Chinese hacking group APT10 is thought to have conducted the hacking campaign
A group of hackers sponsored by China's Ministry of State Security targetted eight of the world's largest tech service providers for years.
That's according to Reuters, which claims that APT10, the infamous hacking group backed by the Chinese government, carried out the 'Cloud Hooper' hacking campaign.
The campaign began in 2014 and focused on collecting trade secrets of US and other Western technology companies, allegedly in an effort to boost China's economic interests.
The companies whose networks were breached included Hewlett Packard, IBM, Tata Consultancy Services, Fujitsu, Dimension Data, NTT Data, DXC Technology and Computer Sciences Corporation.
An indictment filed in the US in December disclosed the details of the campaign for the first time, although it identified only two companies and didn't reveal their names. The indictment accused two Chinese nationals, named Zhu Hua and Zhang Shilong, of fraud and identity theft.
The latest Reuters report suggests that the campaign was actually much more widespread than previously thought.
The attacks on the tech firms created a ripple effect, which impacted the clients of service providers. The victims included Swedish telecom firm Ericsson, travel reservation system Sabre, and Huntington Ingalls Industries. Reuters identified more than a dozen victims, but said there could be many more names in the list.
According to Reuters, the hackers either infiltrated customer servers managed by IT giants, or got in via network links between the tech service providers and their clients.
The campaign highlighted the security vulnerabilities associated with cloud computing, according to security experts.
"For those that thought the cloud was a panacea, I would say you haven't been paying attention," said Mike Rogers, former director of the US National Security Agency.
Most of the attacks were likely carried out between 2015 and 2017, although HP had been repeatedly attacked since 2010.
The Chinese cyber spies accessed not only the internal files of tech service providers, but were also able to steal management plans, designs and other trade secrets of their network-connected clients.
According to Reuters, the Chinese government has denied any involvement of its agencies in this hacking campaign.
"The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets," the Chinese Foreign Ministry said in a statement to Reuters.
The Ministry also stated that their country opposes any form of cyber-enabled industrial espionage.