Rob Barry and Dustin Volz, reporting for Wall Street Journal: The hackers seemed to be everywhere. In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They got access to systems with prospecting secrets for mining company Rio Tinto, and sensitive medical research for electronics and health-care giant Philips NV. They came in through cloud service providers, where companies thought their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators’ attempts to kick them out for years. Cybersecurity investigators first identified aspects of the hack, called Cloud Hopper by the security researchers who first uncovered it, in 2016, and U.S. prosecutors charged two Chinese nationals for the global operation last December. The two men remain at large.
A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group, one of Canada’s largest cloud companies; Tieto Oyj, a major Finnish IT services company; and International Business Machines. The Journal pieced together the hack and the sweeping counteroffensive by security firms and Western governments through interviews with more than a dozen people involved in the investigation, hundreds of pages of internal company and investigative documents, and technical data related to the intrusions. The Journal found that Hewlett Packard Enterprise was so overrun that the cloud company didn’t see the hackers re-enter their clients’ networks, even as the company gave customers the all-clear.