Slashdot Mirror
China Hacked HPE, IBM and Then Attacked Clients, Report Finds (reuters.com)
An anonymous reader quotes a report from Reuters: Hackers working on behalf of China's Ministry of State Security breached the networks of Hewlett Packard Enterprise and IBM, then used the access to hack into their clients' computers, according to five sources familiar with the attacks. The attacks were part of a Chinese campaign known as Cloudhopper, which the United States and Britain on Thursday said infected technology service providers in order to steal secrets from their clients. While cybersecurity firms and government agencies have issued multiple warnings about the Cloudhopper threat since 2017, they have not disclosed the identity of technology companies whose networks were compromised. IBM said it had no evidence that sensitive corporate data had been compromised. HPE said it could not comment on the Cloudhopper campaign.
Cloudhopper targeted managed service providers (MSPs) to access client networks and steal corporate secrets from companies around the globe, according to a U.S. federal indictment of two Chinese nationals unsealed on Thursday. Prosecutors did not identify any of the MSPs that were breached. Cloudhopper, which has been targeting technology services providers for several years, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months. Reuters was unable to confirm the names of other breached technology firms or identify any affected clients. Both IBM and HPE provided statements but declined to comment on the specific claims made by the sources. "The security of HPE customer data is our top priority," HPE said. "We are unable to comment on the specific details described in the indictment, but HPE's managed services provider business moved to DXC Technology in connection with HPE's divestiture of its Enterprise Services business in 2017."
"IBM has taken extensive counter measures worldwide as part of its continuous efforts to protect itself and its clients against constantly evolving threats," the company said in an emailed statement. "We take responsible stewardship of client data very seriously and have no evidence that sensitive IBM or client data has been compromised."
Cloudhopper targeted managed service providers (MSPs) to access client networks and steal corporate secrets from companies around the globe, according to a U.S. federal indictment of two Chinese nationals unsealed on Thursday. Prosecutors did not identify any of the MSPs that were breached. Cloudhopper, which has been targeting technology services providers for several years, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months. Reuters was unable to confirm the names of other breached technology firms or identify any affected clients. Both IBM and HPE provided statements but declined to comment on the specific claims made by the sources. "The security of HPE customer data is our top priority," HPE said. "We are unable to comment on the specific details described in the indictment, but HPE's managed services provider business moved to DXC Technology in connection with HPE's divestiture of its Enterprise Services business in 2017."
"IBM has taken extensive counter measures worldwide as part of its continuous efforts to protect itself and its clients against constantly evolving threats," the company said in an emailed statement. "We take responsible stewardship of client data very seriously and have no evidence that sensitive IBM or client data has been compromised."
To not be evil. Because that is what they are. They will do anything to get the advantage.
Corporatism != Free Market
Donald you know you want to, and it's the ULTIMATE distraction from your failing trade war or the Mueller investigation or any of that stuff... NUKE CHINA! If you don't you're just a pussy like Obama, except you golf 4x more.
This is unforgivable, in terms of IBM and HPE.
They stored client details in a manner that hacked credentials could access them? IBM and HPE could be up for millions, if not billions, in damages here. Client details should be amongst the most secure credentials they have. As a senior technical consultant, my credentials at my clients are usually second only to their system administrators. If they leaked out, it would be catastrophic!
Would not want to be at HPE or IBM right about now...
When a large chunk of IBM is based in China? They donâ(TM)t need backdoors. They have the keys to the front door because they were hired to build it....
At what point does the US say 'enough', and punches back twice as hard?
The US Secret Service was the main federal law enforcement and intel agency until the rise of organized crime and J Edgar got momentum. I defy anyone to show evidence that the federal government had the Secret Service running around Europe breaking into star inventors' offices and pilfering their secrets.
If they did, and were caught, the empires of Europe would have declared war on us. It is one thing to steal ideas at the patent office. This is an act of aggression.
So no evidence? more fake news?
Oh my little retarded shit for brain, Melania cost nothing at all. And you cannot even fathom it.
Well, let us see. Depends. Is her ear insanely cute? Is her neck long and ridiculously elegant? Are her lips as soft as a bunnies fur and red as Penceâ(TM)s blood? Tough choice
“Hackers working on behalf of China's Ministry of State Security breached the networks of Hewlett Packard Enterprise and IBM, then used the access to hack into their clients' computers, according to five sources familiar with the attacks.”
The Truth About Cambridge Analytica-SCL: Psy-ops by UK-US Deep State Actors
“Its ‘hard sell’ was a demonstration of how the UK government could use a sophisticated media campaign of mass deception to fool the British people into the thinking an accident at a chemical plant had occurred and threatened central London.”
Half? Putin only takes half? I thought that was Saudi Arabia
Cloudhopper sounds *English* (hopper), and designed to read well in the press. Which suggests its not a real thing for a Chinese code name.
Code names are to obscure not explain. They're to encode not make good MEMEs.
Story likely false.
Putin gets half, Erdogan gets half, and Mohammed Bin Sultan gets half. Three halves, like any fair and stable Trump pyramid deal. Melania's cut comes out of Putin's cut, Trump won't have anything left when it's over.
I failed math. Would that explain this logic?
There is no proof that this was from China. Remember how easy it is to fake IP addresses! Many of our people are now saying that libtards seem to want to move from blaming the Russia for everything now to blaming the China for our own troubles. Sad!
"Reuters was unable to confirm the names of other breached technology firms or identify any affected clients. "
"The sources, who were not authorized to comment on confidential information gleaned from investigations into the hacks"....
I now announce from my basement that I have found the cure for all cancers but I can't tell you how or give you any proofs.
IBM is a Chinese company. I was working there in 2007 when part of the DOD decided to outsource Exchange to IBM. They though better of it and IBM was not allowed to touch any DOD Exchange clusters. IBM still got paid and I still had a job doing nothing.
Have these companies considered using IBM Cybersecurity Services or HPE Server Infrastructure Security Solutions?
Based on what I am reading, these products are designed to stop cyberattacks by being the "strongest defense."
... there would be no empty scarewords in the headline. They'd have to come up with actual content to share.
Actual content is death on clickbait. So empty scarewords it is. Hacking!
If you're not hosting a specific task related to China, don't allow the traffic. I've blocked China, Russia, Poland, Ukraine etc. because what I do requires no contribution outside the domestic market. If I want something to work in China, I'll host it in China.
I DISCOVERED MODEMS CHINA MAKES EVEN YOUR ISP CAN'T GET INTO FOR DNS CHANGE (& China can) https://slashdot.org/comments....
APK
P.S.=> From L1->L2->NOC @ spectrum COULD NOT GET INTO THEIR OWN DISTRIBUTED MODEMS (rebranded as "Spectrum" but REALLY a CHINESE TECHNICOLOR MODEM)... apk