A recent report by Reuters has revealed that a global hacking group known as Cloud Hopper, working for China’s Ministry of State Security, broke into the networks of eight of the world’s biggest technology service providers in order to steal commercial secrets from their clients. The intrusions exploited these companies, their customers, and the Western system of technological defense. The hacking campaign is believed to have been carried out to boost Chinese economic interests.
How Cloud Hopper penetrated U.S. firms
Reuters reports that the Swedish telecoms equipment giant Ericsson was hacked five times by suspected Chinese cyber spies between 2014 and 2017. After successfully repelling the many attacks a year earlier, Ericsson discovered the intruders were back. This time, though, the path taken by the attackers was clear. The team of hackers had penetrated Hewlett Packard Enterprise’s cloud computing service and used it as a launchpad to attack its customers. They managed to steal reams of corporate and government secrets for years, reports Reuters.
In December 2018, the U.S. government accused the Chinese government of conducting an operation to steal Western intellectual property in order to advance China’s economic interests. It named the hackers from APT10, the Advanced Persistent Threat 10 hacking group, as agents of China’s Ministry of State Security. The U.S. also accused two Chinese nationals of identity theft and fraud, but did not divulge any victim names. Around the same time, Reuters reported Hewlett Packard Enterprise and IBM as victims of this hacking campaign. The public attribution garnered widespread international support: Germany, New Zealand, Canada, Britain, Australia and other allies issued statements backing the U.S. allegations against China.
Key findings from Reuters’ investigation of the Cloud Hopper hacking
Two days ago, Reuters made its new investigation report public. It states that, along with Hewlett Packard Enterprise and IBM, the hackers had also managed to penetrate Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology.
According to the report, the Chinese hackers used these eight companies’ platforms to attack their clients too. Along with Ericsson, a company which competes with Chinese firms in the strategically critical mobile telecoms business, the clients include the travel reservation system Sabre, the American leader in managing plane bookings, and the largest shipbuilder for the U.S. Navy, Huntington Ingalls Industries, which builds America’s nuclear submarines at a Virginia shipyard. Although Reuters was unable to determine the full extent of the damage done by the hacking campaign, it claims that many victims are still unsure about the kind of information stolen by the hackers.
“This was the theft of industrial or commercial secrets for the purpose of advancing an economy”, said the former Australian National Cyber Security Adviser Alastair MacGibbon.
This global hacking campaign also highlights the security vulnerabilities posed by cloud computing services. The former director of the U.S. National Security Agency, Mike Rogers, says, “For those that thought the cloud was a panacea, I would say you haven’t been paying attention.”
According to a senior adviser to the U.S. National Security Agency, Rob Joyce, the companies were battling against a skilled adversary. He says that the hacking was “high leverage and hard to defend against.”
The Reuters report states that, according to Western officials, the attackers were from multiple Chinese government-backed hacking groups. The most feared were the APT10 hackers, who were directed by the Ministry of State Security, say U.S. prosecutors. National security experts have said that the Chinese intelligence services are comparable to the U.S. Central Intelligence Agency, capable of pursuing both electronic and human spying operations.
The Chinese government has firmly denied all accusations of involvement in hacking. In a statement to Reuters, the Chinese Foreign Ministry has said that “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets.” China’s Foreign Ministry has also said that the charges were “warrantless accusations” and it urged the United States to “withdraw the so-called lawsuits against Chinese personnel, so as to avoid causing serious harm to bilateral relations.”
The U.S. Justice Department has called the Chinese denials “ritualistic and bogus”. DOJ Assistant Attorney General John Demers told Reuters, “The Chinese Government uses its own intelligence services to conduct this activity and refuses to cooperate with any investigation into thefts of intellectual property emanating from its companies or its citizens.”
To learn in detail how the Chinese cyber spies infiltrated Western businesses, head over to the Reuters investigation report.