The US government warned that a hacking group popularly known as “cloudhopper,” which western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in an attempt to steal data from their clients.
The Department of Homeland Security issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after two prominent cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.
Chinese authorities have repeatedly denied claims by Western cybersecurity firms that they support hacking.
Homeland Security released the information to back US companies in responding to attacks by the notorious group, which is targeting information technology, energy, healthcare, communications, and manufacturing firms.
“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” said Christopher Krebs, a DHS official, in a statement.
The reported spike in Chinese hacking comes after what cybersecurity firms described as a lull in such attacks prompted by the 2015 agreement between Chinese President Xi Jinping and former US President Barack Obama to curb cyber-enabled economic theft.
“I can tell you now unfortunately the Chinese are back,” said Dmitri Alperovitch, chief technology officer of US cybersecurity firm CrowdStrike, on Tuesday at a security conference in Washington, DC. “We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and western Europe.”
Analysts with FireEye, another US cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.
Wednesday’s alert offered advice on how US firms can prevent, identify, and remediate attacks by cloudhopper, which is also called Red Leaves and APT10.
The hacking group has mostly targeted firms known as managed service providers, which provide telecommunications, technology, and other services to businesses around the world. Managed service providers are ideal targets because their networks provide routes for hackers to reach the sensitive systems of their many clients, according to Ben Read, a senior intelligence manager at FireEye.
“We’ve seen this group route malware through an MSP network to other targets,” said Read.