A new report suggests a China-based espionage campaign is targeting managed IT service providers and cloud service providers in an attempt to spy on those firms' clients, including diplomatic and political organizations and companies' intellectual property.
PriceWaterhouseCoopers and BAE Systems collaborated on the report, detailing a threat nicknamed "Operation Cloud Hopper."
Cloud Hopper uses a mixture of unique hacking tools and open-source software in attacks against service providers around the world. The campaign has logged attacks in nations including the U.S., Canada, South Korea, India, Thailand and Japan. It is linked to China through its use of internet addresses used by the well-established APT10 campaign. The report notes that the Cloud Hopper hackers work during the Chinese workday, including a midday break for lunch.
The attacks, according to the report, "allow[ed] APT10 unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally."
PriceWaterhouseCooper and BAE have been observing the Cloud Hopper effort since late 2016.
Managed IT service providers provide the traditional services of an IT department on remotely located servers. Cloud providers operate remote servers used to provide business technologies like software and data storage, where many companies share the same servers.