Cyber Incident Victim: Dimension Data
Date:
Jan 2010
Location:
China
Summary
A group of Chinese state-sponsored hackers known as APT10 conducted a prolonged cyber espionage campaign targeting multiple global technology service providers, including Dimension Data, by compromising their cloud infrastructure to access client networks. The attackers exploited vulnerabilities in outsourced IT services to steal sensitive corporate and government data, aiming to advance Chinese economic interests. Despite security efforts and a diplomatic agreement against economic espionage, the hackers persisted, leveraging compromised providers as launchpads for further intrusions. The incident revealed systemic challenges in cloud security and information sharing, as service providers often withheld breach details from affected clients due to legal and reputational concerns, potentially leaving many victims unaware of compromises.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between 2014 and 2017, suspected Chinese state-sponsored hackers linked to the Ministry of State Security conducted a sustained cyber espionage campaign known as Cloud Hopper, targeting at least eight major technology service providers including Hewlett Packard Enterprise (HPE), Dimension Data, NTT Data, Tata Consultancy Services, Fujitsu, and IBM. The attackers, identified by security researchers as Advanced Persistent Threat group APT10, compromised these companies' cloud computing infrastructures to gain unauthorized access to their clients' networks. Swedish telecommunications firm Ericsson documented five separate breaches during this period, with forensic evidence showing attackers infiltrated their systems through a connection to HPE's cloud services in 2016. The campaign exploited vulnerabilities inherent in cloud service provider relationships, where third-party vendors manage clients' remote computing and data storage. APT10 operators used compromised cloud environments as launchpads to steal corporate and government secrets from multiple victims across sectors, persisting despite a 2015 U.S.-China agreement prohibiting economic cyber espionage. Security teams at affected organizations like Ericsson implemented incident response protocols—designating operations with codenames like "Pinot Noir"—but struggled to contain the sophisticated attacks.
The Cloud Hopper attacks resulted in extensive theft of sensitive information, though many victims remained unaware of compromises and the full scope of data exfiltrated remains undetermined. Service providers complicated mitigation efforts by withholding breach details from clients due to concerns about legal liability and reputational damage, according to internal records and interviews with investigators. This information-sharing failure hindered coordinated responses and highlighted systemic challenges in defending against state-sponsored cyber operations. HPE confirmed working diligently to protect customer data but did not disclose specific remediation measures. Dimension Data and other affected providers declined public comment on their involvement, while IBM stated it found no evidence of sensitive corporate data compromise. The campaign demonstrated persistent vulnerabilities in cloud supply chains and raised questions about institutional capacity to detect sophisticated intrusions. Chinese authorities consistently denied involvement, characterizing allegations as "slanderous" and asserting opposition to cyber-enabled industrial espionage. U.S. prosecutors later formally attributed the attacks to Chinese actors operating for economic advantage.