- Reuters reported that hackers connected to the Chinese Ministry of State Security broke into the systems of 8 major information technology service providers.
- The global cyber-espionage campaign was called “Cloud Hopper.”
- By hacking the technology service providers, the attackers were able to “hop” into client networks and steal corporate and government secrets to boost Chinese economic interests.
- This attack highlights the catastrophic consequences of potential vulnerabilities in one of the few players with a dominant market share.
China is being accused of economic espionage: the theft of industrial or commercial secrets for the purpose of advancing the Chinese economy.
Eight of the world’s biggest technology service providers were hacked by Chinese cyber spies in an elaborate and years-long invasion, Reuters found. Teams of hackers connected to the Chinese Ministry of State Security penetrated IBM, Hewlett Packard Enterprise and Fujitsu’s cloud computing service and used the platforms as a launchpad to attack their customers.
Chinese hackers used vulnerabilities in the cloud providers’ defense systems to gain access to confidential information of their clients. HP and IBM clients were affected, including telecom hardware manufacturer Ericsson, which competes with Chinese firms; travel reservation system Sabre, the American leader in managing plane bookings; and Huntington Ingalls Industries, the largest shipbuilder for the U.S. Navy, which builds America’s nuclear submarines.
How The Chinese Hack Worked
Chinese hackers attacked the cloud service providers using “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware (step 1, below). This is how 90%+ of breaches are initiated.
Once through the door, the hackers moved through the cloud company’s systems searching for customer data and, most importantly, the “jump servers” – computers on the network which acted as a bridge to client systems (step 2, below).
The attackers then “hopped” from the cloud provider’s network into a client system.
Once in the client system, hackers identified the sensitive data they wanted to collect and exfiltrated the data (steps 3 & 4, below).
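A defender's view of the jump-server hop described above, as an added example that is not part of the original article: it checks jump-server sessions against the client networks each provider account is assigned to, and flags one account reaching several clients in a short window. The log format, account names, assignment table and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, provider account, jump server, client network
SESSIONS = """\
2019-01-07T09:12:00 svc-alice jump01 client-a
2019-01-07T09:40:00 svc-alice jump01 client-a
2019-01-07T23:05:00 svc-bob jump02 client-b
2019-01-07T23:11:00 svc-bob jump02 client-c
2019-01-07T23:19:00 svc-bob jump02 client-d
2019-01-08T10:00:00 svc-carol jump01 client-c
"""

# Hypothetical assignment table: client networks each account is meant to support
ASSIGNED = {"svc-alice": {"client-a"}, "svc-bob": {"client-b"}, "svc-carol": {"client-c"}}

def parse(log):
    """Yield (timestamp, account, jump_server, client) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, account, jump, client = line.split()
            yield datetime.fromisoformat(ts), account, jump, client

def find_hops(log, assigned, window=timedelta(hours=1), max_clients=2):
    """Return alerts for sessions into unassigned clients and for client fan-out."""
    alerts = []
    recent = defaultdict(list)  # account -> [(timestamp, client)] inside the window
    for ts, account, _jump, client in sorted(parse(log)):
        # Rule 1: the account bridged into a client it is not assigned to.
        if client not in assigned.get(account, set()):
            alerts.append(("unassigned-client", account, client, ts.isoformat()))
        # Rule 2: one account reached more than max_clients networks within the window.
        history = recent[account]
        history.append((ts, client))
        history[:] = [(t, c) for t, c in history if ts - t <= window]
        clients = sorted({c for _, c in history})
        if len(clients) > max_clients:
            alerts.append(("client-fanout", account, ",".join(clients), ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in find_hops(SESSIONS, ASSIGNED):
        print(alert)
```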
The Significance: Drawbacks of Monopoly & Duopoly
The “Cloud Hopper” hack highlights the crippling effect of relying on a few, dominant service providers. If hackers find vulnerabilities in the service providers’ cyberdefence, they will potentially get access to all of the clients’ data. The impact of such hacks is magnified as it will cause a rippling impact to the provider and all their
Reliance on a few providers is becoming more common in today’s business environment. For example, it is estimated that Microsoft’s Office 365 & Google’s G Suite have a respective 56% and 25% of the cloud market. A potential breach of Microsoft or Google’s cloud platforms would result in seismic consequences to the 80% of businesses that use these service providers.
The outrage of a breach is only expected to broaden as adoption spreads.
Cybersecurity Solutions Will Be More Crucial Than Ever
With dominant players like Microsoft, Google and Amazon only increasing their market shares, it will become colossally important to ensure there are no vulnerabilities that hackers may exploit. Using complementary solutions to stay protected is the best way to ensure protection.
CyberQuay’s next-gen CDR solution uses deep parsing to scan every line of code and detect known, unknown and future threats by disarming all potentially malicious content. CyberQuay’s technology is a method of defense best used to protect against “spear phishing” techniques that trick employees into revealing their passwords (step 1 used by the Chinese hackers, discussed above).