- Nine Managed Service Providers have been compromised in attacks by the Chinese cyber espionage group APT10.
- Hewlett Packard Enterprise (HPE) and International Business Machines Corp (IBM) are among the targeted Managed Service Providers.
The Chinese cyber espionage group APT10 also known as MenuPass, Red Apollo, Stone Panda was accused of hacking a large number of managed service providers including HPE and IBM.
Hewlett Packard Enterprise (HPE) said that it could not comment on the attack while International Business Machines Corp (IBM) said that it had no evidence that confidential corporate data has been compromised.
Australian Cyber Security Center (ACSC) revealed that nine MSPs were compromised in the APT10 attack. Alastair MacGibbon, head of ACSC told ZDNet, “We're not naming any managed service providers. One, we said we wouldn't name them. And two, I can't be sure, and none of our allies can be sure, that we know all of the compromised global providers.”
MacGibbon said that Australian customers of compromised MSPs have not been named, but globally the targets have been organizations like mining companies, tech companies, and those involved in advanced manufacturing.
HPE and IBM
However, Reuters disclosed in a report that HPE and IBM are among the nine targeted Managed Service Providers.
“IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats,” IBM said in a statement.
IBM further disclosed that they take responsible stewardship of client data very seriously and that they have no evidence that sensitive IBM or client data has been compromised by this attack.
HPE said “The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”
MacGibbon said that MSPs need to change the way they do their business because if they are compromised it could potentially compromise all of their customers. “Then those that consume those services, what can you do to architect this arrangement to still get the benefits of outsourced IT and reduce the risks," MacGibbon said.
MacGibbon further acknowledged that it's not the best time of year to launch an awareness campaign, however, the US indictments as a trigger for it happening now.
"Once everyone's eaten enough turkey and had enough ham, we'll be back out again to drive change, where we hope that members of boards, CEOs, and customers start asking questions on how to change the way they construct their IT systems,” MacGibbon added.