A report a few days ago revealed that hackers linked to China’s government had been stealing data from more than a dozen global telecom companies for years.
Cybersecurity company Cybereason said at the time that a hacking group labeled APT10, associated with the Chinese government, was likely to blame. It turns out the same spying arm has been behind a similarly massive hack, this time targeting cloud services providers in search of doors into their customers’ networks. This hack, which may have gone unnoticed for years, had a different purpose: to steal sensitive trade secrets that could help China’s economy.
According to Reuters, eight of the world’s biggest technology service providers were hacked by APT10 spies, with attacks going as far back as 2010 in some instances. Dubbed “Cloud Hopper,” the campaign affected Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
The attacks were relentless, continuing even after they were discovered by those trying to prevent them. The hackers looked for entry points into the providers’ systems and, once they found them, used that access to reach the systems of several customer businesses and extract information and potential trade secrets.
Defending against these attacks may have been nearly impossible, even after they were discovered, because of the reluctance of these companies to acknowledge any attacks and share information with customers. The US, meanwhile, indicted two Chinese nationals back in December over the Cloud Hopper attacks, without describing the scope of the hacks in as great detail as Reuters.
So, who did APT10 attack? One “nightmare” situation involved Sabre, a company that provides reservation systems for tens of thousands of hotels, as well as services for booking air travel. Here’s what the hackers might have gotten out of it:
A thorough penetration at Sabre could have exposed a goldmine of information, investigators said, if China was able to track where corporate executives or US government officials were traveling. That would open the door to in-person approaches, physical surveillance or attempts at installing digital tracking tools on their devices.
The hacks also went after Huntington Ingalls Industries, which builds nuclear submarines, among other things, for the US:
During a private briefing with HPE staff, Huntington Ingalls executives voiced concern the hackers could have accessed data from its biggest operation, the Newport News, Va., shipyard where it builds nuclear-powered submarines, said a person familiar with the discussions. It’s not clear whether any data was stolen.
Ericsson, which happens to be a competitor to Huawei when it comes to mobile infrastructure, including 5G deployment, was another target:
Another target was Ericsson, which has been racing against China’s Huawei Technologies to build infrastructure for 5G networks expected to underpin future hyper-connected societies. The hacking at Ericsson was persistent and pervasive, said people with knowledge of the matter.
Logs were modified and some files were deleted. The uninvited guests rummaged through internal systems, searching for documents containing certain strings of characters. Some of the malware found on Ericsson servers was signed with digital certificates stolen from big technology companies, making it look like the code was legitimate so it would go unnoticed.
Even so, it’s unclear what the hackers stole, and whether anything of value was taken. Not all hacks, the report says, were sophisticated. But some of the hackers clearly knew they were discovered:
The hackers knew exactly where to retrieve the most sensitive data and littered their code with expletives and taunts. One hacking tool contained the message “FUCK ANY AV” – referencing their victims’ reliance on anti-virus software. The name of a malicious domain used in the wider campaign appeared to mock US intelligence: “nsa.mefound.com”.
Many of the parties involved deny that anything of value was taken. The Chinese government, meanwhile, denies that such actions ever occurred.