Chinese hackers go after third-party IT suppliers to steal data

The hacking group APT10 has been blamed for the global cyberespionage campaign

Companies that choose to outsource their IT operations should be careful. Suspected Chinese hackers have been hitting businesses by breaching their third-party IT service providers.

Major IT suppliers that specialize in cloud storage, help desk, and application management have become a top target for the hacking group known as APT10, security providers BAE Systems and PwC said in a joint report.

That's because these suppliers often have direct access to their client's networks. APT10 has been found stealing intellectual property as part of a global cyberespionage campaign that ramped up last year, PwC said on Monday.

The joint report doesn't identify which IT service providers were hit or how many were found breached. But the providers included several suppliers in enterprise services and cloud hosting.

"It is impossible to say how many organizations might be impacted altogether at this point," BAE Systems said in a blog post.

APT10 has been around since at least 2009 and is believed to be based in China, according to security researchers. To kick off their attacks, the hackers have used spear-phishing email schemes to trick their victims into installing malware, either through an attachment or through a link that leads to a malicious site.

screen shot 2017 04 04 at 12.43.08 pm PwC

Countries targeted by APT10.

From there, APT10 will try to steal the credentials from the IT service provider to hop over to their clients' private networks. The hackers will then move on to intellectual property theft, by using the IT service provider's own infrastructure to secretly exfiltrate the data.

APT10's hacking campaign has continued into this year. The group has targeted a whole range of industries across the globe including retail, energy, technology, and the public sector.

The UK's National Cyber Security Centre has warned the public about the hacking campaign.

“This incident should remind organizations that entire supply chains need to be managed, and they cannot outsource their risk,” it said in a statement.

Businesses should talk with IT service providers about how they protect access to their data and demand any changes needed, the UK center recommended.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?