HPE, IBM Among The MSPs Breached By Chinese Hackers: Report
Hackers associated with the Chinese government breached the networks of Hewlett Packard Enterprise and IBM to go after their managed services clients, according to a Reuters report.
A source familiar with the attacks told Reuters that the Chinese campaign, known as Cloudhopper, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months. IBM investigated an attack as recently as this summer, the source told Reuters, while HPE conducted a large breach investigation in early 2017.
An HPE spokesperson said the company was unable to comment on the specific details described in the indictment, but noted that the company's MSP business moved to DXC Technology. DXC, No. 10 on the 2018 CRN Solution Provider 500, was formed in April 2017 from the combination of CSC and HPE Enterprise Services.
[Related: U.S. Justice Department Indicts Chinese Hackers For Targeting MSPs]
The U.S. Department of Justice said in an indictment unsealed Thursday the MSP theft campaign began back in 2014. DXC declined to comment, while IBM and the U.S. Department of Justice didn't immediately respond to requests for comment. Although HPE sold its managed services business early last year, the IBM Global Services business is No. 1 on the 2018 CRN Solution Provider 500.
The attacks against HPE and IBM were persistent, making it difficult to ensure that the networks were safe, a different told source Reuters. IBM has dealt with some infections by installing new hard drives and fresh operating systems on infected computers, the source said.
HPE's stock closed Thursday down $0.52 (3.95 percent) to $12.65 per share, while IBM's stock closed the day down $3.48 (2.99 percent) to $113.02. The Reuters story came out roughly 30 minutes before the market closed Thursday.
Sources told Reuters that HPE and IBM were not the only prominent technology companies whose networks had been compromised by China's Cloudhopper campaign. However, Reuters said it was unable to confirm the names of other breached technology firms or identify any of the affected clients. U.S. prosecutors did not identify any of the MSPs that were breached.
The Justice Department said China's APT10 group targeted MSPs in order to gain unauthorized access to the computers and computer networks of the MSPs' clients and steal intellectual property and confidential business data.
The compromised clients operated out of at least 12 countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States. They operated in a multitude of industries such as banking and finance, telecommunication and consumer electronics, and medical equipment, the indictment indicated.
As part of the indictment, Chinese nationals Zhu Hua and Zhang Shilong were each charged with three counts of computer hacking, conspiracy to commit wire fraud and aggravated identity theft. The defendants committed these crimes in associated with a Chinese intelligence services known as the Ministry of State Security, according to the U.S. Justice Department.
China didn't immediately comment on Thursday's indictment, but has long denied accusations of cyberespionage.