China (APT10/Cloud Hopper): In 2016 an investigation uncovered an operation, dubbed Cloud Hopper, carried out by the threat group APT10, which is believed to be linked to Chinese state intelligence. Recent findings show that the operation reached much farther than initially believed: the intrusions go well beyond the 14 companies named in the criminal indictment unsealed last December and now include at least a dozen cloud providers. The Wall Street Journal conducted the investigation through interviews with government officials and with the security firms involved in the response. Because the attackers compromised the cloud providers themselves, they could reach into those providers' customers, so the number of victims is also significantly greater than previously believed; FBI Director Chris Wray called it the hackers' equivalent of stealing the master keys to an entire apartment complex. Between April and mid-November, thousands of IP addresses worldwide were still reporting back to APT10's servers. Private organizations were not the only ones hit hard: the U.S. Navy had detailed personnel records for more than 100,000 people stolen. During the investigation it also emerged that many customers of the affected cloud service providers were stonewalled by those providers when they asked what was happening inside the providers' networks.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia's invasion of Ukraine increased