New Report Reveals That Cloud Hopper Hack is Still Active and has Affected Several More MSPs

  • The new list of victims includes CGI Group Inc., Tieto Oyj, and IBM Corp.
  • The U.S. government believes APT10 stole personal records for 100,000 U.S. Navy personnel.

The infamous ‘Cloud Hopper’ hack, which was previously reported to have infected 14 large companies, is massive and believed to be still underway.

What does the new report reveal?

An investigation by the Wall Street Journal has revealed that there are at least a dozen new cloud provider companies affected by the campaign carried out by the China-based APT10 group. This new list of victims includes CGI Group Inc., Tieto Oyj, and IBM Corp.

The Journal notes that Hewlett Packard Enterprise Co. missed the hackers re-entering its clients’ networks, even after the company had given customers the all-clear.

US Navy records also stolen

Among the new findings, the Journal also reports that the U.S. government believes APT10 stole personal records for 100,000 U.S. Navy personnel.

The Wall Street Journal highlights that the issue stems from the reluctance of many MSPs to fully disclose to their clients whether they have been affected. This has forced the Department of Homeland Security (DHS) to revise federal contracts with cloud companies.

The vicious cycle continues

The Cloud Hopper hack was first identified in 2016 and Rio Tinto, a company whose operations include copper, diamonds, iron ore and uranium, was among the earliest targets. The firm was breached through cloud provider CGI as far back as 2013.

However, upon discovery of the hack, Reuters reported that IBM, along with Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corp. and DXC Technology, had emerged as victims of the APT10 hacking activity.

To break into the cloud, the hacker group used multiple techniques. Sometimes they sent phishing emails to administrators with high-level access. Other times they broke in through contractors’ systems.

The Journal reports that it is unknown how much data the APT10 group has stolen with Cloud Hopper. However, the group appears to have remained active recently. The security company SecurityScorecard identified thousands of IP addresses globally still reporting back to APT10’s network between April and mid-November.