Menu
Browse

Cyber Incident Victim: Hewlett Packard Enterprise

Date:

Jan 2010

Location:

China

Summary

Hewlett Packard Enterprise's cloud computing services were compromised by suspected Chinese state-sponsored hackers linked to the Ministry of State Security, enabling attackers to use the company as a launchpad for infiltrating customer networks. The campaign, known as Cloud Hopper and attributed to group APT10, targeted multiple technology firms and government entities to steal corporate secrets for economic espionage purposes. Despite security countermeasures and international agreements against cyber-enabled industrial spying, the attackers persistently exploited cloud service vulnerabilities over several years. The incident revealed systemic challenges in threat response, as service providers reportedly withheld critical breach information from affected clients, potentially limiting damage assessments and remediation efforts while exposing broader risks in outsourced IT infrastructure.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
2 actors Available to members Available to members

Description

Between 2014 and 2017, suspected Chinese state-sponsored hackers affiliated with the Ministry of State Security conducted a sustained cyber espionage campaign known as Cloud Hopper, targeting multiple global technology service providers and their clients. The hacking group APT10 compromised Hewlett Packard Enterprise’s cloud computing infrastructure, exploiting this access to infiltrate customer networks, including Swedish telecommunications firm Ericsson. Ericsson experienced five separate breaches during this period, with one intrusion in September 2016 traced directly to the attackers’ foothold within HPE’s systems. The hackers leveraged compromised IT service providers as intermediaries to steal sensitive corporate and government data, circumventing direct attacks on hardened target networks. U.S. prosecutors later asserted the campaign aimed to advance Chinese economic interests through systematic intellectual property theft. Other affected providers included NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu, and IBM, though the full scope of compromised entities remains unclear due to nondisclosure practices.

Cyber Incident Image

HPE confirmed working to mitigate the attacks and protect customer information, emphasizing continued vigilance against state-sponsored threats. However, service providers frequently withheld breach details from affected clients, citing legal and reputational concerns, which hampered coordinated responses. Despite a 2015 U.S.-China agreement prohibiting economic cyber espionage, APT10 continued operations, exploiting vulnerabilities inherent in outsourced cloud services. Investigations by Western governments and private firms revealed persistent security gaps in multi-vendor cloud environments, where lateral movement between provider and client systems enabled large-scale data exfiltration. Many victims lacked awareness of compromises, and damage assessments proved difficult due to the attackers’ stealth and the fragmented disclosure of incident details. China consistently denied involvement, dismissing allegations as unfounded slander while publicly opposing cyber-enabled industrial espionage. The campaign underscored systemic challenges in cloud supply chain security and institutional information sharing during cross-jurisdictional cyber incidents.

Sources
Sources available to members
1 source