Reuters today reported extensive new details about the global hacking campaign, known as Cloud Hopper and attributed to China by the United States and its Western allies. A U. S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.
LONDON (Reuters) – Hackers working for China’s Ministry of State Security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.
Ericsson said it does not comment on specific cybersecurity incidents. “While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers,” a spokesman said.
The Chinese Foreign Ministry said Beijing opposed cyber-enabled industrial espionage. “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.
Yet senior Western intelligence officials say the toll was high. “This was a sustained series of attacks with a devastating impact,” said Robert Hannigan, former director of Britain’s GCHQ signals intelligence agency and now European chairman at cybersecurity firm BlueVoyant.
Now, Reuters has found that at least six other technology service providers were compromised: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology, HPE’s spun-off services arm.
HPE said it worked “diligently for our customers to mitigate this attack and protect their information. ” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.
Chinese hackers, including a group known as APT10, were able to continue the attacks in the face of a counter-offensive by top security specialists and despite a 2015 U. S. -China pact to refrain from economic espionage.
The Cloud Hopper attacks carry worrying lessons for government officials and technology companies struggling to manage security threats.