Operation Cloud Hopper
For many businesses, the network now extends to suppliers who provide management of IT services. Managed Service Providers (MSPs) can become a key enabler for businesses by allowing them to focus on their core mission while suppliers take care of background tasks. However, the network connectivity which exists between MSPs and their customers can provide a window for attackers to jump through if security precautions are not followed.
We have worked closely with PwC’s cyber security practice and the UK’s National Cyber Security Centre (NCSC) to uncover and disrupt what is thought to be one of the largest ever sustained and sophisticated global cyber espionage campaigns. BAE Systems’ Threat Intelligence team have confirmed these intrusions are attributed to a known cyber-espionage group referred to as ‘APT10’.
[Infographic: Operation Cloud Hopper. Attack stages for APT10 in targeting MSP end-customers]
BAE Systems Head of Cyber Threat Intelligence, Dr Adrian Nish said: 
“This campaign is unprecedented in that the actors have successfully compromised several major Managed Service Providers in order to syphon data from their customer networks. Organisations large and small rely on these providers for management of core systems and as such they can have deep access to sensitive data. The attackers have realised this and focused efforts on infiltrating MSPs to jump into their victim’s systems and steal intellectual property and other corporate material.”
“We identified this known threat actor referred to as ‘APT10’ in the security community. The group appear to have been largely dormant from 2014 to mid-2016, but are now highly active. It looks like they are back to stealing secrets from international companies – very similar to what we observed in the ‘peak’ era of such activity from ~2008-2013.”
“From the end-target customer’s perspective, this kind of attack is a form of supply chain risk and management of this sits jointly across procurement, legal, and security functions. Managed Service Providers offer benefits for businesses in terms of efficiency and cost savings – but are also an attractive target for threat actors. Businesses should emphasize the importance of security to their procurement teams and ensure suppliers aren’t being squeezed to lower prices at the expense of this.”
BAE Systems’ and PwC’s respective Threat Intelligence teams share a mutual interest in new cyber threats. The organisations partnered through their membership of the Cyber Incident Response (CIR) scheme to share intelligence and develop the most comprehensive picture possible of this threat actor’s activities. Information sharing like this underpins the security research community and serves to aid remediation and inform decisions that companies make about their security needs.
A BAE Systems threat intelligence blog has been published to detail findings from investigations into these ongoing attacks and to raise awareness. A joint PwC and BAE Systems report is also available.