Security
Hey China, while you’re in all our servers, can you fix these support tickets? IBM, HPE, Tata CS, Fujitsu, NTT and their customers pwned
Oh no Xi didn’t! Fresh details emerge on mega-hack
By Shaun Nichols in San Francisco 26 Jun 2019 at 22:20
44 Reg comments SHARE ▼
china hacking
Fresh details have emerged revealing just how deeply Chinese government hackers plundered HPE, IBM, DXC, Fujitsu, Tata, and others, stealing corporate secrets and rifling through their customers’ networks.
An explosive in-depth report by Reuters today blows the lid off APT10, the infamous Beijing-backed hacking operation that was just accused of hacking mobile carriers around the world. APT10 was previously fingered for raiding corporations and organizations globally, and siphoning off blueprints and databases for President Xi’s regime.
This week’s bombshell builds on last year’s revelations that a multi-year operation known as Cloud Hopper had worked its way into the internal networks at HPE and IBM, stealing corporate data and trade secrets along the way, and then drilled into customer systems. The hackers compromised customer servers that were managed by the IT giants, or slipped in via network links between the tech providers and their big-name clients. Hence the name: Cloud Hopper.
Now, word has dropped that another six companies fell victim to APT10 during that same campaign: Fujitsu, Tata Consultancy Services, Dimension Data, NTT, and Computer Sciences Corporation. It is believed most of the hacking took place between 2015 and 2017, though it’s said HP at least had been repeatedly pwned since 2010. (CSC is now known as DXC following its merger with HPE’s spun-off Enterprise Services in 2017.)
The revelations mean that the reach of the Cloud Hopper operation was far greater than first feared. In addition to the tech goliaths themselves, the hackers pushed their way into customer systems from the compromised providers, dramatically increasing the pool of valuable industrial and aerospace data stolen. Beijing’s miscreants had not just access to the internal files of HPE, IBM, Tata CS et al, but also their network-connected customers, putting designs, plans, personal information, and more, at their fingertips. Jackpot. …