Exclusive: China hacked HPE, IBM and then attacked customers – sources

WASHINGTON/LONDON/SAN FRANCISCO (Reuters) – Hackers working on behalf of China’s Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their customers’ computers, according to five sources familiar with the attacks.

Signs for Hewlett Packard Enterprise Co. cover the facade of the New York Stock Exchange, November 2, 2015. REUTERS/Brendan McDermid/File Photo

The attacks were part of a Chinese campaign known as Cloudhopper, which the United States and Britain on Thursday said infected technology service providers in order to steal secrets from their customers.

While cybersecurity companies and government agencies have issued multiple warnings about the Cloudhopper threat since 2017, they have not known the identity of the technology companies whose networks were compromised.

International Business Machines Corp said it had no evidence that sensitive corporate data was at risk. HPE said it could not comment on the Cloudhopper campaign.

Companies and governments are increasingly looking to technology companies known as managed service providers (MSPs) to remotely manage their IT operations, including servers, storage, networks, and helpdesk support.

Cloudhopper targeted MSPs to access client networks and steal corporate secrets from companies all over the world, according to a U.S. federal indictment of two Chinese nationals that was unsealed on Thursday. Prosecutors did not identify any of the MSPs that were breached.

Both IBM and HPE declined to comment on the specific claims of the sources.

“IBM has taken extensive countermeasures worldwide as part of its ongoing efforts to protect itself and its customers against constantly evolving threats,” the company said in a statement via e-mail. “We take responsible stewardship of customer information very seriously and have no evidence that sensitive IBM or client data has been compromised.”

HPE said in a statement that it had spun out a large managed services business in a 2017 merger with Computer Sciences Corp., which formed a new company, DXC Technology.

“The safety of HPE customer data is our top priority,” HPE said. “We are not able to respond to the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s sale of its Enterprise Services business in 2017.”

Representatives of DXC Technology could not immediately be reached for comment.

Reuters was not able to learn the names of other breached technology companies or to identify affected customers.

The sources, who are not authorized to comment on confidential information obtained from investigations into the hacks, said that HPE and IBM were not the only prominent technology companies whose networks had been compromised by Cloudhopper.

Cloudhopper, which has targeted technology service providers for several years, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months, according to a source with knowledge of the matter.

IBM investigated an attack as recently as this summer, and HPE conducted a major breach investigation in early 2017, the source said.

The attackers were persistent, making it difficult to ensure that the networks were safe, said another source.

IBM dealt with some infections by installing new hard drives and fresh operating systems on infected computers, said the person familiar with the effort.

A senior intelligence official, who declined to name any of the victims that were breached, said the attacks on MSPs were a major threat because they essentially turned technology companies into launchpads for hacks on their clients.

“By gaining access to an MSP, you can, in many cases, gain access to each and every one of their customers,” the official said. “Call it the Walmart approach: If I needed to get 30 different items on my shopping list, I could go to 15 different shops or I could go to the one that has it all.”

The IBM logo is displayed during the Viva Tech start-up and technology summit in Paris, France, May 25, 2018. REUTERS/Charles Platiau

Representatives of the FBI and the Department of Homeland Security declined to comment. Officials of the U.S. Department of Justice and the Chinese embassy in Washington could not immediately be reached for comment.

A British government spokeswoman declined to comment on the identity of companies affected by the Cloudhopper campaign or the consequences of those breaches.

“A number of MSPs have been affected, and the naming of them would have potential commercial implications for them, giving them an unfair disadvantage compared to their competitors,” she said.

Reporting by Christopher Bing in Washington, Jack Stubbs in London, Joseph Menn in San Francisco; Editing by Jim Finkle and Leslie Adler
