Cyber Incident Victim: Fujitsu
Date:
Jan 2010
Location:
China
Summary
A technology firm was compromised as part of a sustained cyber espionage campaign attributed to Chinese state-sponsored actors, specifically the APT10 group, which targeted multiple IT service providers to access client networks. The attackers exploited cloud computing infrastructure to steal corporate and government secrets, aiming to advance Chinese economic interests. The incident revealed systemic vulnerabilities in third-party cloud services and highlighted challenges in threat response, as service providers often withheld breach details from affected clients due to legal and reputational concerns. Despite countermeasures and international agreements prohibiting economic espionage, the campaign persisted, underscoring difficulties in defending against sophisticated state-aligned cyber intrusions and information-sharing gaps among Western institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
Between 2014 and 2017, suspected Chinese state-sponsored hackers conducted a sustained cyber espionage campaign dubbed 'Cloud Hopper,' targeting eight major technology service providers including Fujitsu. The attackers, identified by Western officials as Advanced Persistent Threat 10 (APT10), operated on behalf of China's Ministry of State Security to infiltrate information technology service providers' cloud computing infrastructure. By compromising managed service providers like Hewlett Packard Enterprise (HPE), the hackers gained unauthorized access to client networks across multiple sectors. The campaign's operational pattern involved using breached cloud service providers as launchpads to penetrate customer systems, enabling exfiltration of corporate and government secrets over several years. Security teams at victim organizations, including Swedish telecom giant Ericsson, documented repeated intrusions through these supply chain vulnerabilities despite implementing defensive measures. U.S. prosecutors later asserted the attacks aimed to advance Chinese economic interests through systematic intellectual property theft.
The Cloud Hopper attacks exposed significant security weaknesses in outsourced cloud services, where compromised providers inadvertently facilitated access to multiple downstream victims. Fujitsu and other targeted firms including IBM, Tata Consultancy Services, and NTT Data faced operational disruptions and potential data breaches, though full impact assessments remained incomplete due to the attackers' stealth and prolonged access. Internal investigations revealed service providers often withheld breach notifications from clients due to liability concerns, impeding coordinated responses. Despite a 2015 U.S.-China agreement prohibiting economic cyber espionage, APT10 continued operations through 2017, exploiting legal and technical gaps in cross-border cloud environments. The incident underscored systemic challenges in cloud supply chain security and institutional barriers to threat intelligence sharing, leaving many victim organizations unaware of compromises. Fujitsu declined public comment on the attacks when contacted by Reuters, mirroring most other affected providers' limited disclosures about data losses or remediation steps taken.