China accused of hacking into tech giants’ networks in attempt to steal data
Hackers working for China’s Ministry of State Security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.
Reuters reported Wednesday extensive new details about the global hacking campaign, known as Cloud Hopper and attributed to China by the United States and its Western allies.
A U.S. indictment in December outlined an elaborate operation to steal western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.
Now, Reuters has found that at least six other technology service providers were compromised: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology, HPE’s spun-off services arm.
Reuters has also identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.
HPE said it worked “diligently for our customers to mitigate this attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.
NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.
Saber said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveller data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data” via HPE or DXC.
Ericsson said it does not comment on specific cybersecurity incidents. “While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers,” a spokesman said.
The Chinese government has consistently denied all accusations of involvement in hacking. The Chinese Foreign Ministry said Beijing opposed cyber-enabled industrial espionage. “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.
The Cloud Hopper attacks carry worrying lessons for government officials and technology companies struggling to manage security threats. Chinese hackers, including a group known as APT10, were accused of continuing the attacks in the face of a counter-offensive by top security specialists and despite a 2015 U.S.-China pact to refrain from economic espionage.
Two of APT10’s alleged members, Zhu Hua and Zhang Shilong, were indicted in December by the United States on charges of conspiracy to commit computer intrusions, wire fraud and aggravated identity theft. In the unlikely event they are ever extradited and convicted, the two men would face up to 27 years in an American jail.
Reuters was unable to reach Zhu, Zhang or lawyers representing the men for comment. China’s Foreign Ministry said the charges were “warrantless accusations” and it urged the United States to “withdraw the so-called lawsuits against Chinese personnel, so as to avoid causing serious harm to bilateral relations.”
The U.S. Justice Department called the Chinese denials “ritualistic and bogus.”
“The Chinese Government uses its own intelligence services to conduct this activity and refuses to cooperate with any investigation into thefts of intellectual property emanating from its companies or its citizens,” DOJ Assistant Attorney General John Demers told Reuters.
APT10 often attacked a service provider’s system by “spear-phishing” — sending company employees emails designed to trick them into revealing their passwords or installing malware. The hackers then moved through the company’s systems searching for customer data and, most importantly, the computers on the network acting as a bridge to client systems.
Many victims are unable to tell exactly what was stolen. Yet senior western intelligence officials say the toll was high.
“This was a sustained series of attacks with a devastating impact,” said Robert Hannigan, former director of Britain’s GCHQ signals intelligence agency and now European chairman at cybersecurity firm BlueVoyant.
The Chinese Government uses its own intelligence services to conduct this activity.