‘Operation Cloud Hopper’ — a global cyber espionage campaign — first made headlines when Chinese hackers reportedly broke past IBM and Hewlett Packard Enterprise. Now, it seems that they weren’t the only ones attacked.
Other tech companies, including Tata Consultancy Services — an Indian tech giant and one of the biggest IT firms in the world — were also victims of hackers working for China’s Ministry of State Security, according to Reuters, and the intrusions went on for years.
It isn’t just TCS that was hacked. The service provider was used as a jumping-off point to gain access to its clients’ networks.
TCS did not respond when contacted for comment.
Nobody wants to accept that the hack actually happened. The Chinese government denied any involvement. The companies claimed that no sensitive information was compromised, but a Reuters investigation shows otherwise.
To break into a service provider’s servers, Operation Cloud Hopper used ‘spear phishing’ emails: messages sent to the company’s employees in the hope of tricking them into downloading malware or disclosing their passwords.
Normally, that would involve impersonating an employee using the directories of credentials that the hackers had at their disposal, according to Reuters.
Once this phase is successful, the hackers start to map out the environment so that they can establish a foothold and make their way towards the real target, the system administrator. The administrator is important because that role controls the company’s ‘jump servers’ — a bridge between a service provider and its clients’ networks.
After that, it’s just a matter of separating sensitive information from the jumble of data on the victim’s network. Reuters reports that it wasn’t a random search either, as the hackers knew exactly where to look to find sensitive information.
The commercially sensitive data is copied either directly from the client network or back through the service provider.
Many companies, like Hewlett Packard, didn’t even know that they had been hacked for the first couple of years. But once they did find the vulnerability, getting rid of it was a different story altogether. Though they were able to pick off the hacker footholds one by one, the tricky infiltrators found new ways to come back stronger.
The cycle continued for at least five years, according to Reuters.
‘Operation Cloud Hopper’ and its many attempts to hack into IT companies have mostly been kept under wraps at the behest of the corporate victims. But the US government, after years of trying to contain the threat, finally dubbed the hackers Advanced Persistent Threat 10 (APT10) in December 2018.
Courtesy – BusinessInsider