China cyber-attacks IBM and HPE for clients’ computer details

Hackers working on behalf of China’s Ministry of State Security attacked the networks of Hewlett Packard Enterprise (HPE) and IBM and accessed their clients’ computers, Reuters reported.
Cybersecurity for CSOsUnited States and Britain on Thursday said Chinese campaign called Cloudhopper infected technology service providers in order to steal secrets from their clients globally.

Cybersecurity firms and government agencies issued multiple warnings about Cloudhopper threat since 2017.

IBM said it had no evidence that sensitive corporate data had been compromised. HPE said it could not comment on the Cloudhopper campaign.

Businesses and governments are looking to technology companies known as managed service providers (MSPs) to remotely manage their information technology operations, including servers, storage, networking and help-desk support.

Cloudhopper targeted MSPs to access client networks and steal corporate secrets from companies, according to a U.S. federal indictment of two Chinese nationals unsealed on Thursday. Prosecutors did not identify any of the MSPs that were breached.

IBM said in a statement that it is aware of the reported attacks and has taken counter-measures as part of its efforts to protect the company and our clients against constantly evolving threats.

“We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat,” the company said in a statement issued on Thursday.

HPE said in a statement that it had spun out a large managed-services business in a 2017 merger with Computer Sciences Corp that formed a new company, DXC Technology.

“The security of HPE customer data is our top priority,” HPE said. “We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”

DXC Technology declined to comment, saying in a statement that it does not comment on reports about specific cyber events and hacking groups.

HPE and IBM were not the only prominent technology companies whose networks had been compromised by Cloudhopper.

Cloudhopper infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months.

IBM investigated an attack as recently as this summer, and HPE conducted a large breach investigation in early 2017.

IBM has dealt with some infections by installing new hard drives and fresh operating systems on infected computers.

Cloudhopper attacks date back to at least 2014, according the indictment.

The indictment cited one case in which Cloudhopper compromised data of an MSP in New York state and clients in 12 countries including Brazil, Germany, India, Japan, the United Arab Emirates, Britain and the United States. They were from industries including finance, electronics, medical equipment, biotechnology, automotive, mining, and oil and gas exploration.