Bruce SchneierSCHNEIER:8206CBDC686AFFEEF7B861D8B6963178Details of the Cloud Hopper Attacks
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported.
> The hacking campaign, known as βCloud Hopper,β was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.
>
> Yet the campaign ensnared at least six more major technology firms, touching five of the worldβs 10 biggest tech service providers.
>
> Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.
>
> Waves of hacking victims emanate from those six plus HPE and IBM: their clients. Ericsson, which competes with Chinese firms in the strategically critical mobile telecoms business, is one. Others include travel reservation system Sabre, the American leader in managing plane bookings, and the largest shipbuilder for the U.S. Navy, Huntington Ingalls Industries, which builds Americaβs nuclear submarines at a Virginia shipyard.