Delaware, USA – June 27, 2019 – Six more victims of the Cloud Hopper campaign have become known. The campaign, conducted by APT10 against Managed Service Providers, was discovered at the end of last year, and Reuters has now published the results of its investigation, which adds Tata Consultancy Services, Dimension Data, Computer Sciences Corporation, NTT Data, DXC Technology, and Fujitsu to the previously known victims, IBM and Hewlett Packard Enterprise. The primary goal of the attacks was to steal trade secrets and to penetrate the networks of the technology giants’ customers. Most compromises occurred between 2015 and 2017, and for several years, hackers sponsored by the Chinese government had access to company networks and were seeking valuable industrial and aerospace data. The attackers conducted spear phishing attacks on company employees or compromised organizations’ publicly accessible servers by exploiting vulnerabilities. Once they had access to one system, they collected credentials to move laterally.
APT10 has been incredibly active lately. In a recent campaign targeting organizations in Southeast Asia, the group used new malware loaders. This week, Cybereason published a report on the compromise of the 10 largest telecommunications companies to intercept information on specific, high-value targets. This campaign has been running since at least 2012 and took place in waves: as soon as their activity was discovered, the attackers suspended the operation in order to return later with new tools and techniques.
To detect APT10 attacks on your web servers, you can use the Web Application Security Framework rule pack: https://my.socprime.com/en/integrations/web-application-security-framework-arcsight
You can also use the APT Framework for ArcSight to uncover traces of malware activity and signs of a cyberattack at any stage of the Cyber Kill Chain: https://my.socprime.com/en/integrations/apt-framework-arcsight