US Indicts Chinese Hackers in MSP Network Scheme
Candy Rodriguez | December 20, 2018
The U.S. Justice Department today charged two Chinese-state-sponsored hackers that it says infiltrated managed service provider (MSP) networks and stole companies’ intellectual property and sensitive data. While the U.S. government didn’t name any of the companies whose networks were compromised, Reuters reports that Hewlett Packard Enterprise and IBM are two of them.The two hackers, Zhu Hua and Zhang Shilong, both Chinese nationals, were members of a state-sponsored group called Advanced Persistent Threat 10 or APT 10. They stole information from at least a dozen countries including more than 45 U.S. companies. And according to the indictment, they were working in association with a Chinese intelligence service called the Ministry of State Security.The hackers used malware to gain access to the computer networks and steal data between 2006 and 2018. They targeted a range of industries including banking and finance, telecommunications and consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining. The U.S. government first warned about nation-states using MSP networks to launch attacks in October. At the time it didn’t specifically link the threat to Chinese state-sponsored hackers, although security researchers did. Using an MSP creates a larger attack surface for nation-states and criminals. Once they gain access to MSP networks, they can move between an MSP and its customers’ shared networks. Bidirectional movement between networks allows hackers to more easily avoid detection and maintain their network presence.