Third Party IT Service Providers in the UK Targeted by Chinese Hackers

Media Division | April 6, 2017

From cleverly crafted malware and phishing campaigns to exploiting holes in security software, cyber attackers are constantly finding new methods and vectors to target a variety of organizations. In many cases, attackers no longer even have to target the organization directly, because many companies work with third-party vendors that attackers can use to breach the organization indirectly. Such is the case in a recent discovery that Chinese hackers are targeting third-party IT service providers in the UK in order to access the organizations those providers work with.

Details of the Attacks

According to a joint report from BAE Systems and PwC, IT service providers have become a prime target of a Chinese hacking group known as APT10. Because IT suppliers typically have direct access to their clients’ networks and systems, they are a lucrative target: compromising one supplier can give these hackers a route into a variety of organizations. The report did not name any of the affected IT service organizations, but they apparently included providers of cloud and enterprise services.

The attackers have been quite clever in the way that they launch the attacks. Apparently, they launch phishing attacks to trick the IT providers into installing some sort of malware, and once they have infected the systems, they work to obtain access to the provider’s various client networks. The attackers then use the IT provider’s own systems to stealthily purloin intellectual property. Most organizations also keep a wide array of customer information on their systems, which can be highly valuable to these hackers. It is suspected that these attacks have been going on since as early as 2014.

Origins of APT10

APT10 is not a new threat actor, and they have appeared in a multitude of different attacks targeting various industries and sectors. They are said to have been active since at least 2009, and have created and employed several well-known malware strains, including Poison Ivy and PlugX. APT10 has continued to modify and alter their methods as the years go by. For instance, once their Poison Ivy malware was discovered and detailed in a report by FireEye, they retooled their methods before continuing. As noted above, they are suspected to be a Chinese threat actor, based on several analyses of the timing of their attacks. They are believed to be quite a large group, likely consisting of several different teams with their own specialties or responsibilities. Aside from their current large campaign against IT service providers, they are also believed to be involved in a massive targeting of Japanese organizations using a malware campaign known as ChChes.

Fortifying an Organization with Cyber Security Intelligence

Threat actors have become quite adept at circumventing traditional reactive security methods, and cyber security has had to keep adjusting to maintain appropriate protection. Basic defensive and reactive methods will always have their place in cyber security, but they can no longer provide the needed protection by themselves. Nowadays, proper cyber security requires prediction and prevention of threats and attackers, rather than a purely defensive posture. This is why cyber security intelligence is more necessary than ever. Cyber security intelligence services can relay information about the patterns and indicators of threats around the web, which allows organizations to fortify against them before an attack is launched. Massive Alliance’s cyber security intelligence services can help an organization to stay ahead of the threats and attackers that surround them.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.