The finger of blame is being pointed firmly at the Chinese government for a global hacking campaign dubbed “Cloud Hopper” against big name firms in the IT services sector.
The hackers reportedly worked for China’s Ministry of State Security and sought to obtain commercial secrets from the customers of the IT service giants.
Reports that China supports its own hacking teams, or alternatively supports third-party hackers, have been ongoing for a number of years now. Last year the scale of Chinese cyber offensive capabilities was exposed after an American security firm (Recorded Future) said the hackers had used computers at China’s Tsinghua University to target US energy and communications companies.
And now a Reuters investigation has revealed that the Cloud Hopper campaign was extensive, and has been taking place over a number of years.
The campaign has been attributed to China by the United States and its Western allies.
According to Reuters, a US indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests, but stopped short of naming victim companies.
But the Reuters report has identified two victims, namely Hewlett Packard Enterprise and IBM.
And Reuters also discovered that at least six other technology service providers were compromised. These include Japan’s Fujitsu and NTT Data, India’s Tata Consultancy Services, South Africa’s Dimension Data, and US firms Computer Sciences Corporation and DXC Technology (HPE’s spun-off services arm).
The Reuters investigation also revealed other victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, US Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.
HPE was quoted as saying that it worked “diligently for our customers to mitigate this attack and protect their information.”
DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.
NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment.
“This was a sustained series of attacks with a devastating impact,” said Robert Hannigan, former director of Britain’s GCHQ signals intelligence agency and now European chairman at cybersecurity firm BlueVoyant.
“This seems to have started with spear phishing emails and highlights with such ease how this sort of operation works,” explained Jake Moore, Cybersecurity Specialist at ESET.
“State sponsored or not, governments should be extremely vigilant with email links and attachments amongst their staff, let alone user rights,” said Moore. “Email acts as the first wall of defence and when in-house training is already second nature, cheap and easy to implement within law enforcement, there really is little excuse for this to occur.”
“Furthermore, any cloud based connectivity should include multi factor authentication to thwart such attacks from occurring,” said Moore. “These attackers are well aware of such vulnerabilities and will always be one step ahead. We need to realise that these sorts of threats are inevitable and we need to work to prevent them as best as possible.”
The Chinese Foreign Ministry meanwhile said Beijing opposed cyber-enabled industrial espionage.
“The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.
Chinese hackers such as the APT10 group, for example, have been identified by multiple sources as being responsible for an attack on mobile telecommunications providers that affected more than 10 companies around the world and resulted in the theft of gigabytes of data on highly targeted individuals.