A cyber espionage campaign has been targeting contracted IT providers to gain access to their clients’ intellectual property and sensitive information, according to a report.
A Chinese-based hacking group known as APT10 was “almost certainly” behind what a report described as “one of the largest ever sustained global cyber espionage campaigns”.
The group has been targeting providers responsible for the remote management of customers’ IT and end-user systems. It used sophisticated and targeted phishing techniques to gain access to networks, and custom malware to identify and exploit clients’ computer systems, according to the report by PwC and BAE Systems.
The indirect nature of the attack highlighted the need for firms to have a comprehensive view of their cyber threats, including in their supply chain, said Kris McConkey, partner and lead for cyber threat detection and response at PwC.
APT10 has previously targeted governments and companies directly. The report said it started exploiting contractors as early as 2014 as they are a “high payoff target” that “generally have unfettered and direct access to their clients’ networks. They may also store significant quantities of customer data on their own internal infrastructure.”
Once APT10 gains access to a provider, it would likely “be relatively straightforward to exploit this and move laterally into the networks of potentially thousands of other victims”, the report said.
As well as having a comprehensive view of their threats, the report said organisations need to fully assess the risks posed by third parties and ensure they also take the appropriate steps to manage these risks.
It described APT10 as a constantly evolving and highly persistent actor, and said last year there was a “significant” increase in the scale of APT10’s operations, indicating an increase in staffing and logistical resources.
Richard Horne, cyber security partner at PwC, said: “The future of cyber defence lies beyond simple intelligence sharing, but in forging true collaboration between organisations in the public and private sector with the deep technical and innovative skills required to combat this type of threat.
“Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks.”
Horne added that the attacks on IT providers demonstrated the importance of the new National Cyber Security Centre opened by the Queen in February.