According to an indictment from the U.S. Justice Department released on Thursday, Chinese hackers working on behalf of China’s Ministry of State Security breached the networks of dozens of tech companies and government departments, largely in an effort to steal intellectual property.
The report stated that the attacks were being carried out by a group known as APT10, which various security companies have linked to the Chinese state.
Speaking to Wired, Benjamin Read, senior manager for cyberespionage analysis at FireEye, said, “MSPs are incredibly valuable targets. They are people that you pay to have privileged access to your network. It’s a potential foothold into hundreds of organizations.”
What organizations did the Chinese cybercriminal group target?
According to Reuters, hackers successfully targeted Hewlett Packard Enterprise, IBM and both companies’ customers.
In response to the attack, IBM said that it “has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats. We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat.”
HPE also responded. The company said in a statement that it had spun out a large managed-services business in a 2017 merger with Computer Sciences Corp that formed a new company, DXC Technology. “The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”
The hackers are believed to have used a technique known as spearphishing. This is a highly targeted form of phishing, where a website is disguised as reputable and trustworthy in order to scam the targets.
Dmitri Alperovitch, Chief Technology Officer at CrowdStrike, said, “Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated.”
Alperovitch added that “while this action alone will not likely solve the issue and companies in the US, Canada, Europe, Australia, and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”
The U.K. government also said, “The National Cyber Security Centre assesses with the highest level of probability that the group widely known as APT10 is responsible for this sustained cyber campaign focused on large-scale service providers. The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”
“China has long rebuffed complaints from other nations accusing it of cyber attacks and espionage but didn’t immediately comment on Thursday’s indictment,” per TechCrunch.