The global hacking campaign known as “Cloud Hopper,” perpetrated by government-sponsored Chinese hackers, was much worse than originally reported, according to an investigation by the Wall Street Journal that you should read in full.
The report says that “at least a dozen cloud providers” were affected, but focuses on HP to illustrate the severity of the intrusions and the tactics used to attack and defend.
“The Journal found that Hewlett Packard Enterprise Co. was so overrun that the cloud company didn’t see the hackers re-enter their clients’ networks, even as the company gave customers the all-clear.”
“Inside the clouds, the hackers, known as APT10 to Western officials and researchers, had access to a vast constellation of clients. The Journal’s investigation identified hundreds of firms that had relationships with breached cloud providers, including Rio Tinto, Philips, American Airlines Group Inc., Deutsche Bank AG, Allianz SE, and GlaxoSmithKline PLC.”
“They came in through cloud service providers, where companies thought their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators’ attempts to kick them out for years.”
A lot of this was known in broad terms, as revealed by a Reuters investigation in June. The more detailed WSJ investigation shows just how vulnerable our data is when stored by a third party, and how aggressively state-sponsored hackers continue to pursue it.