A detailed report published by Australian broadcaster Channel Nine and Fairfax media has revealed that China’s top security agency was behind a large number of cyber-attacks that targeted Australian businesses and institutions this year.
The cyber-attacks are being carried out in order to steal intellectual property belonging to Australian firms and institutions and are part of a much larger campaign dubbed “Operation Cloud Hopper” which is run with the blessings of China’s Ministry of State Security.
Operation Cloud Hopper a work of Chinese hackers
Operation Cloud Hopper was first detected and analysed in detail by cyber security experts at the UK’s National Cyber Security Centre (NCSC), BAE Systems and PwC and it was then concluded that the hacker group (APT10) behind the operation had links to China’s People’s Liberation Army (PLA).
“The espionage campaign has targeted managed IT service providers (MSPs), allowing the APT10 group unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally.
“The sheer scale of the operation was uncovered through collaboration amongst organisations in the public and private sectors, but is still only likely to reflect a small portion of APT10’s global operations. A number of Japanese organisations have also been targeted in a separate, simultaneous campaign by the same group, with APT10 masquerading as legitimate Japanese government entities to gain access,” says PwC.
According to BAE systems, Managed Service Providers (MSPs) are the favourite targets of hackers behind Operation Cloud Hopper as they serve as a hub from which hackers can access multiple end-victim networks through supply chain attacks.
The recent report from Fairfax media cited senior unnamed Australian officials who said that cyber-attacks emanating from China were “a constant, significant effort to steal our intellectual property” and that the involvement of Chinese hackers was confirmed by the Five Eyes Alliance, an intelligence gathering network composed of cyber security experts from the United States, Britain, Australia, Canada, and New Zealand.
What’s more worrying for officials is that the intensity of attacks carried out by APT10 increased significantly after the two countries entered into an agreement last year to not steal each other’s intellectual property secrets.
When confronted with the news, China’s foreign ministry dismissed the allegations, calling them “groundless, speculative, unprofessional and irresponsible”.
Cyber-attacks against Australian businesses and institutions isn’t a new phenomenon. Last year, an Australian defence contractor’s IT helpdesk portal was hacked into by an unnamed hacker who went on to steal 30GB worth defence documents. The lost data contained details about Australia’s $18bn Joint Strike Fighter programme thanks to which the country is arming its Air Force with 72 top-end F-35 strike aircraft. The data also contained details about the submarine-hunter P-8 Poseidon aircraft as well as designs for several upcoming battleships.
A major reason behind the successes enjoyed by APT10 is that a large number of Australian companies have entrusted Managed Service Providers with the maintenance and upkeep of their databases. Some of these MSPs do not have excellent cyber security credentials yet they enjoy large clientele as they market their services at lower prices. According to Dr Nish from BAE, Australian firms should start asking tough questions of MSPs who they entrust with securing their databases.