A hacker group called APT10, likely backed by China, has compromised and infiltrated MSP (managed services provider) networks to access end-customer systems since at least 2016, according to a 25-page PwC UK and BAE Systems report. The hacks, collectively dubbed Operation Cloud Hopper, may date back to 2014 or so, the report suggests. In response, SolarWinds MSP has published five recommendations to help MSPs combat the cyber threat.
The PwC UK-BAE report does not reveal the size or nature of the MSP targets. While midmarket and enterprise MSPs are obvious targets, SMB-focused IT service providers should not assume that they're free and clear of these attacks.
"The campaign, which we refer to as Operation Cloud Hopper, has targeted managed IT service providers (MSPs), allowing APT10 unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally. A number of Japanese organisations have also been directly targeted in a separate, simultaneous campaign by the same actor."
Politics, Power and Protective Measures...
Overall, PwC UK and BAE Systems believe the cyber hackers are somehow tied to China. And the attacks apparently target "diplomatic and political organisations in response to geopolitical tensions, as well as the targeting of specific commercial enterprises..."
In response to the threat, SolarWinds MSP Global Cyber Security Strategist Ian Trump has outlined five steps MSPs should take to lock down their systems.
Trump closely tracks and studies the hacker underworld. Last time we spoke, he and I were at RSA Conference 2017 in San Francisco. At the time, Trump was studying security trends -- and potential security opportunities -- for SolarWinds MSP.