China Hacked IBM And HP, Then Went After Their Clients

Just hours after the DOJ issued an indictment of two Chinese hackers who purportedly infiltrated 45 US tech companies and government agencies (including the US Navy), Reuters has published an anonymously sourced report shedding more light on aspects of 'Operation Cloudhopper' - the codename for the hacking campaign - that offers some details about how China's Ministry of State Security infiltrated IBM and HP Enterprise, and used those systems as a "launch pad" to gain access to systems belonging to their clients (which include government agencies and the military).

Hackers

The information reported on 'Cloudhopper' reportedly came from US and UK sources. Cloudhopper worked by infiltrating 'managed service providers', which are used by clients to manage their servers, network and other IT infrastructure. Reuters said it was unable to confirm the names of other firms breached in 'Cloudhopper', according to Reuters.

The breaches reportedly lasted for weeks at a time, and were being investigated as recently as this past summer.

The sources, who were not authorized to comment on confidential information gleaned from investigations into the hacks, said that HPE and International Business Machines Corp were not the only prominent technology companies whose networks had been compromised by Cloudhopper.

Cloudhopper, which has been targeting technology services providers for several years, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months, according to another of the sources with knowledge of the matter.

IBM investigated an attack as recently as this summer, and HPE conducted a large breach investigation in early 2017, said the source.

The attackers were persistent, making it difficult to ensure that networks were safe, said another source.

IBM responded to the hacks by installing new hard drives and operating systems on its computers...yet the state-sponsored attackers managed to repeatedly break into the company's systems.

As one anonymous official explained, these attacks on MSPs are particularly dangerous because they turn the MSPs into 'launchpads' for attacks on clients. He referred to it jokingly as "the Walmart approach".

One senior intelligence official, who declined to name any victims who were breached, said attacks on MSPs were a significant threat because they essentially turned technology companies into launchpads for hacks on clients.

"By gaining access to an MSP, you can in many cases gain access to any one of their customers," said the official. "Call it the Walmart approach: If I needed to get 30 different items for my shopping list, I could go to 15 different stores or I could go to the one that has everything."

Representatives for both the US and UK governments declined to comment, saying only that "a number of MSPs had been affected" in the hacks.

Representatives with the FBI and Department of Homeland Security declined to comment. Officials with the U.S. Justice Department and the Chinese embassy in Washington could not immediately be reached for comment.

A British government spokeswoman declined to comment on the identities of companies affected by the Cloudhopper campaign or the impact of those breaches.

"A number of MSPs have been affected, and naming them would have potential commercial consequences for them, putting them at an unfair disadvantage to their competitors," she said.

Beijing will no doubt be furious at the global coordinated condemnation of its cyberespionage efforts orchestrated by the US, but as more US allies speak out on Thursday, it remains to be seen if China will double-down on its efforts, or pull back. And there's also the possibility that an angry China retaliates by breaking off trade-war negotiations.