Based on five sources familiar with the attack, Chinese hackers who are working on behalf of their Ministry of State Security targeted the networks of Hewlett Packard Enterprise Co and IBM. After which, they used the hacked access and targeted the computers of clients.
A Chinese campaign called Cloudhopper is responsible behind the hacking attacks. On Thursday, the United States and Britain stated that the Cloudhopper infected technology service providers just to get confidential information from clients.
Since 2017, there were numerous warnings, which were raised by cybersecurity companies and government agencies, about the threats from Cloudhopper. However, the names of the technology companies, which were infected by the attacks, were not disclosed.
According to the International Business Machines, it lacked evidence to prove that the confidential corporate data had been compromised. Meanwhile, Hewlett Packard Enterprise (HPE) refused to comment regarding the Cloud hopper campaign.
There was an escalating interest by businesses and governments about the managed service providers (MSPs) of technology companies. The MSP will remotely handle and manage the information technology operations such as serves, storage, networking, and help-desk support of businesses and government offices.
Cloudhopper attacked the MSPs in gaining access to the client networks and steal the corporate secrets from companies globally. This was based on a US federal indictment of two Chinese nationals unsealed on Thursday. Prosecutors were unable to name any of the compromised MSPs.
Both the IBM and HPE did not give comments about the sources’ particular claims.
“IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats. We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat,” the company stated.
In a statement, the HPE stated that it needed to exploit a huge managed-services business. This was in line with its 2017 merger with Computer Sciences Corporation that created a new company called DXC Technology.
“The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017,” HPE said.