Cyber Incident Victim: DXC Technology

Date: Jan 2010

Location: China

Summary

A major IT services provider was compromised by Chinese state-sponsored hackers, enabling unauthorized access to multiple corporate and government clients through its cloud infrastructure. The attackers, identified as APT10, exploited this access to systematically exfiltrate sensitive data over several years, targeting intellectual property and strategic information to advance economic interests. Despite detection efforts and a multinational cybersecurity agreement, the campaign persisted due to vulnerabilities in shared cloud environments and insufficient information sharing between service providers and affected organizations. The incident underscored systemic risks in third-party IT outsourcing, with compromised firms often unaware of breaches or the full scope of data losses.

Description

Between 2014 and 2017, suspected Chinese state-sponsored hackers conducted a sustained cyber espionage campaign known as Cloud Hopper, targeting at least eight major technology service providers including Hewlett Packard Enterprise (HPE), IBM, Fujitsu, NTT Data, Dimension Data, and Tata Consultancy Services. The attackers, identified by security researchers as APT10 and linked by U.S. prosecutors to China's Ministry of State Security, breached these companies' cloud computing infrastructures to gain access to their clients' networks. The intrusion method involved compromising IT service providers' systems and using them as launchpads to infiltrate customer organizations across multiple sectors, including telecommunications and government entities. Swedish telecom firm Ericsson experienced five separate breaches during this period, with one 2016 intrusion traced directly to its connection with HPE's cloud services. Security teams at affected organizations documented extensive efforts to counter the attacks, with Ericsson's cybersecurity staff assigning codenames like "Pinot Noir" to their response operations. Despite detection and mitigation attempts by corporate security specialists, the hackers maintained persistent access over multiple years, exfiltrating corporate secrets and government data to advance Chinese economic interests according to U.S. authorities.

The Cloud Hopper campaign exposed systemic vulnerabilities in cloud service supply chains and information-sharing failures among compromised parties. Service providers frequently withheld breach details from affected clients due to concerns about legal liability and reputational damage, according to internal records and interviews with investigators. This lack of transparency hampered coordinated responses and left many victims unaware they had been compromised, with organizations like Ericsson uncertain about the full scope of data stolen. The attacks continued despite the 2015 U.S.-China agreement prohibiting economic cyber espionage, demonstrating the operational persistence of state-aligned threat actors. While HPE stated it "worked diligently" to mitigate impacts and protect customer information, other providers including IBM maintained they found no evidence of sensitive data compromise. The Chinese government consistently denied involvement, with the Foreign Ministry characterizing hacking accusations as "slanderous" and asserting Beijing's opposition to cyber-enabled industrial espionage. Forensic evidence revealed the campaign's focus on exploiting cloud infrastructure weaknesses to harvest intellectual property and strategic documents from Western institutions over a three-year period.
