International, Large-Scale Cyber Attack Uncovered by Cyber Security Watchdogs

Andrew Cummings
April 5, 2017

The ACSC today warned of a "sustained malicious cyber campaign targeting major global Managed Service Providers" associated with the group designated APT10 - also known as CVNX, Red Apollo, Stone Panda, menuPass Team, and POTASSIUM.

The operation, codenamed Cloud Hopper, was spearheaded by the National Cyber Security Centre, the professional-service firm PwC, the security company BAE Systems, and other members of the security community.

Matt Walmsley, EMEA director at cybersecurity company Vectra Networks, added: "These criminals continue to play a long game, prepared to wait months - even years - to harvest valuable data without being noticed".

The National Cyber Security Centre has issued guidelines following the global targeting of enterprises via managed service providers, and notes how the activity detected "likely represents only a small proportion of the total malicious activity".

From there, APT10 will try to steal the credentials from the IT service provider to hop over to their clients' private networks.

Using custom malware and spear-phishing techniques, the group garnered the data by targeting outsourced IT service companies. Basically, attackers breached a cloud provider and then ransacked what they could from its biggest customers. A report by the national cyber crime agencies, acting as investigatory bodies, has revealed that the Chinese gang APT10 has been carrying out sustained attacks on United Kingdom firms since 2014 to gather personal data and intellectual property.

"This indirect approach of reaching many through only a few targets demonstrates a new level of maturity in cyber espionage - so it's more important than ever to have a comprehensive view of all the threats your organisation might be exposed to, either directly or through your supply chain". A number of Japanese organisations have also been targeted by the same crew, according to a joint report by PwC and BAE Systems.

"This is a global campaign with the potential to affect a wide range of countries, so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly".
