Cyber Incident Victim: Computer Sciences Corporation
Date: Jan 2010
Location: China
Summary
A Chinese state-linked hacking group, APT10, conducted a prolonged cyber espionage campaign targeting multiple technology service providers and their clients through compromised cloud computing infrastructure. The attackers exploited vendor networks, including Hewlett Packard Enterprise, to steal corporate and government secrets, aiming to advance Chinese economic interests. The campaign persisted despite detection efforts and a diplomatic agreement against economic espionage, and the response was hindered by service providers withholding breach details due to liability and reputational concerns. This lack of transparency left many victims unaware of compromises, underscoring systemic vulnerabilities in cloud security and challenges in coordinated cyber defense.
Description
Between 2014 and 2017, suspected Chinese state-sponsored hackers linked to the Ministry of State Security conducted a prolonged cyber espionage campaign known as 'Cloud Hopper,' targeting at least eight major technology service providers, including Hewlett Packard Enterprise (HPE). The attackers, identified by U.S. prosecutors as APT10, exploited vulnerabilities in cloud computing services to infiltrate IT service providers and use their networks as launchpads for secondary attacks against client organizations. Swedish telecom giant Ericsson was compromised five times during this period, with one notable intrusion detected in September 2016 traced back to unauthorized access through HPE's cloud systems. Internal Ericsson security teams documented these incidents using codenames like 'Pinot Noir' for their response efforts. The campaign's primary objective was economic espionage, involving the theft of corporate intellectual property and government secrets to advance Chinese economic interests. Other confirmed targets included NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu, and IBM, though the full scope of compromised entities remains unclear due to nondisclosure by some providers.

The attacks persisted despite a 2015 U.S.-China agreement prohibiting economic cyber espionage and active countermeasures by corporate security teams. Service providers frequently withheld breach details from affected clients due to concerns about legal liability and reputational damage, hindering coordinated defense efforts. HPE acknowledged mitigating the attacks but did not disclose specifics about data compromises, while IBM stated it found no evidence of sensitive corporate data theft. The incident exposed systemic vulnerabilities in cloud service supply chains, where a single provider compromise could cascade to multiple downstream victims. Chinese authorities consistently denied involvement, dismissing allegations as "slanderous" and asserting non-participation in commercial espionage. Many victim organizations remained unaware of their exposure years after the attacks, underscoring challenges in threat intelligence sharing and cloud security oversight. The campaign demonstrated an advanced persistent threat's ability to maintain operational continuity against sophisticated defenses.
