Hpe hub banner.png

Chinese 'Cloud Hopper' campaign targeting cloud providers was more extensive than admitted

Cloud Hopper hack enabled the attackers to steal large volumes of intellectual property and other sensitive data

The 'Cloud Hopper' hacking campaign that targeted several cloud and managed service providers penetrated much further than originally reported.

That's according to the Wall Street Journal, which concluded that the campaign hit more than a dozen cloud providers and scores of companies, enabling the attackers to steal large volumes of intellectual property and other sensitive data from the systems of targeted firms.

The cloud service providers (CSPs) that were hit by Cloud Hopper included Canada's CGI, IBM, Finnish IT services firm Tieto, and Hewlett Packard Enterprise (HPE).

The clients of those CSPs that were also compromised included mining firm Rio Tinto (not for the first time), Philips NV, American Airlines, Deutsche Bank, Allianz SE and GlaxoSmithKline.

HPE was so overrun by the cyber attacks that it failed to see the hackers re-entering their clients' networks, while the company gave "all-clear" to its customers.

According to the WSJ, Cloud Hopper perpetrators - thought to be the members of APT10 group working for Chinese intelligence agencies - had access to a vast constellation of clients inside the clouds during those attacks. After gaining entry into the networks of cloud providers, they could freely hop from one client to another, while defying investigators' attempts to "kick them out for years."

The campaign was first uncovered in 2016, and by 2018, nearly 14 unnamed firms - mostly CSPs and MSPs - were thought to be its targets.

The US government issued warnings about Cloud Hopper and APT10 after some initial reports about the attacks surfaced.

The UK's National Cyber Security Centre released an advisory in April 2017 telling firms that they should not accept statements from their MSPs related to Cloud Hopper, but rather "demand evidence."

Last December, the US prosecutors charged two Chinese nationals for their involvement in cyber attacks against American firms. The duo currently remains at large.

The US government also believes that APT10 group likely stole personal records for 100,000 American Navy personnel.

After the cyber campaign was uncovered, many cloud companies tried to "stonewall clients about what was happening inside their networks," the report claims.

The Department of Homeland Security (DHS) is now planning to revise some federal contracts to force cloud providers to comply with future investigations.

HPE told the WSJ that it worked professionally and diligently with its customers to mitigate the attacks.

IBM said it cooperated with law enforcement agencies as well as customers that expressed concerns.

You may also like

Asian Tech Roundup: Indian entrepreneurs call for 70-hour week
/news/4330782/asian-tech-roundup-indian-entrepreneurs-hour

Legislation and Regulation

Asian Tech Roundup: Indian entrepreneurs call for 70-hour week

Plus: Australia cracks down on Big Tech

EU to decide fate of $14bn HPE-Juniper Networks merger next month
/news/4333291/eu-decide-fate-usd14bn-hpe-juniper-networks-merger

Mergers

EU to decide fate of $14bn HPE-Juniper Networks merger next month

UK CMA is also investigating the deal

Asian Tech Roundup: To the moon and back
/news/4323833/asian-tech-roundup-moon

Legislation and Regulation

Asian Tech Roundup: To the moon and back

Plus: AI comes to Asia in a big way