Cloud Hopper Attack Bigger Than Reported. MUCH Bigger

I hate to keep beating on this drum, but the message is important and the news keeps getting worse.

Yesterday I wrote about yet another managed service provider that was hit by a ransomware attack and a number of their clients had their data encrypted.

Today the Wall Street Journal is reporting that the Cloud Hopper attack in 2016, which was revealed last year, was much bigger than has been previously reported.

Up until now, the news we knew about was that 12 managed service providers had been successfully attacked.  Among the 12 was Hewlett Packard (HPE).  According to the Journal, HPE was so compromised that even as they were giving their clients the “all-clear”, the Chinese were re-compromising their network.

The Chinese hacking group, known as APT10 (for advanced persistent threat – not your average 400 pound hacker that our President talks about) had access to the data of hundreds of firms.

Included in that list are Rio Tinto, Philips, American Airlines Group, Deutsche Bank AG, Allianz SE and Glaxo Smith Kline.

Director of the FBI Christopher Wray said it was the equivalent to stealing the master keys to an apartment complex.

The Journal says that whether the hackers are still inside those networks is an open question.  They say that data from the security firm Security Scorecard shows that thousands of IP addresses globally are still reporting back to APT10.

The US Government is now worried about their own possible exposure.  Yikes.

The government says that the hackers took personnel information on over 100,000 Navy personnel.  You can only imagine what that might mean.

This could be part of the reason that the government is moving so fast on CMMC (government fast, that is).  CMMC is a new security requirement for government contractors scheduled to go into effect very soon.

If this isn’t scary enough, the Journal says that the Ruskies, not wanting to be outdone by the Chinese, are also trying to breaking to Cloud Service Providers.

Check out yesterday’s blog post for recommendations, but the number one recommendation is to get a robust logging and alerting solution in place so that you know when you are under attack and don’t wind up like Marriott – discovering that the bad guys are inside your system.  FOUR YEARS after the fact.

Unfortunately the WSJ article is behind a paywall, but if you have access, it is fascinating reading.

Your job now is to protect yourself.

Like in previous times when Willie Sutton was robbing banks, he said that is where the money is.  Today, the money is in information and that information is at MSPs and other hosting providers.

Source: WSJ


Leave a Reply

Your email address will not be published. Required fields are marked *