Cyber Incident Victim: Huntington Ingalls Industries

Date: Jan 2010

Location: United States of America

Summary

Suspected Chinese state-sponsored hackers, identified as APT10, conducted a prolonged cyber espionage campaign targeting multiple technology service providers to compromise their clients, including Huntington Ingalls Industries. The attackers exploited cloud infrastructure vulnerabilities to steal sensitive corporate and government data, aiming to advance economic interests. Service providers' reluctance to disclose breaches hindered effective response, allowing continued unauthorized access and data exfiltration across numerous organizations.

Description

Between 2014 and 2017, suspected Chinese state-sponsored hackers conducted a sustained cyber espionage campaign dubbed 'Cloud Hopper,' targeting at least eight major technology service providers including Hewlett Packard Enterprise (HPE), IBM, Fujitsu, NTT Data, Dimension Data, and Tata Consultancy Services. The attackers, identified by security researchers as Advanced Persistent Threat 10 (APT10) and linked by U.S. prosecutors to China's Ministry of State Security, exploited vulnerabilities in cloud computing services to compromise these IT providers. By breaching the providers' systems, the hackers gained persistent access to client networks across multiple sectors, including telecommunications, healthcare, finance, and defense. Huntington Ingalls Industries (HII), the largest U.S. military shipbuilder, was among the confirmed victims compromised through this supply-chain attack vector. The attackers used stolen credentials and sophisticated malware to maintain long-term access to victim networks, systematically exfiltrating intellectual property, sensitive government data, and corporate secrets over several years. Security teams at affected organizations like Swedish telecom Ericsson documented repeated intrusions, with one 2016 incident requiring a months-long containment operation codenamed 'Pinot Noir' after renewed attacks originating through HPE's compromised cloud infrastructure.

The campaign continued despite a 2015 U.S.-China agreement prohibiting economic cyber espionage, with service providers often withholding breach details from clients due to liability concerns and reputational risks. Internal documents revealed that many victims remained unaware of compromises, while others couldn't determine the full scope of data theft. U.S. federal prosecutors later indicted two Chinese nationals in 2018 for their alleged roles in APT10 operations, accusing the group of stealing hundreds of gigabytes of sensitive data from HII and 45 other companies across 12 nations. HPE acknowledged working to mitigate the attacks and protect customer information, while IBM stated it found no evidence of sensitive corporate data compromise. The Chinese government consistently denied involvement, with the Foreign Ministry calling accusations "slanderous" and asserting opposition to cyber-enabled industrial espionage. The incident exposed systemic vulnerabilities in cloud service provider security models and highlighted challenges in coordinating threat intelligence between private sector victims and government agencies during cross-jurisdictional cyber intrusions.
