Global ‘Cloud Hopper’ Hacking Campaign Reveals Major Security Gaps in Cloud Security


The Wall Street Journal recently wrote a full-fledged report on their investigation into the state-sponsored Chinese global hacking campaign called ‘Cloud Hopper.’ Its investigation reveals the true depth of the risks associated with compromised cloud data in one of the largest-ever global corporate espionage efforts.

Cybersecurity investigators first identified aspects of the hack in 2016, revealing that cyber-attackers allegedly working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from dozens of international companies over the past several years.

The hackers, known as APT10 to Western officials and researchers, gained access to cloud service providers where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigators’ attempts to eliminate them. For years.

Now the WSJ is reporting that the attack was actually much worse than initially reported, going far beyond the 14 yet-to-be-named companies listed in the indictment. While most names are still hidden, it’s reported that the hack stretched across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp. (IBM).

Some of the companies targeted include mining company Rio Tinto PLC (RIO) and health-care giant Philips NV. Both had highly sensitive data compromised in the attack, including mining prospects and sensitive medical data and research. The Journal also uncovered hundreds of firms that had relationships with breached cloud providers, including Philips, American Airlines Group Inc., Deutsche Bank AG, Allianz SE and GlaxoSmithKline PLC.

The Journal found that Hewlett Packard Enterprise Co. (HPE), also compromised in the attack, was so overwhelmed that the cloud company didn’t see the hackers re-enter its clients’ networks, even as it gave customers the all-clear. Even worse, it’s still unknown whether the hackers remain in the companies’ networks today. The Journal reviewed data provided by Security Scorecard, a cybersecurity firm, and identified thousands of IP addresses globally still reporting back to APT10’s network between April and mid-November.

FBI Director Chris Wray said that access gained through cloud providers provided hackers with the equivalent of a master key to an entire apartment complex.

What made it worse was that investigators in and out of government said many of the major cloud companies attempted to stonewall clients about what was happening inside their networks. Officials at the Department of Homeland Security grew so frustrated that they’re now reportedly working to revise federal contracts in a way that would force providers to comply with future probes.
