China Hacked HPE, IBM and Then Attacked Clients-Sources

Hackers working on behalf of China’s Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their clients’ computers, according to five sources familiar with the attacks.

The attacks were part of a Chinese campaign known as Cloudhopper, which the United States and Britain on Thursday said infected technology service providers in order to steal secrets from their clients.

While cybersecurity firms and government agencies have issued multiple warnings about the Cloudhopper threat since 2017, they have not disclosed the identity of technology companies whose networks were compromised.

International Business Machines Corp said it had no evidence that sensitive corporate data had been compromised. Hewlett Packard Enterprise (HPE) said it could not comment on the Cloudhopper campaign.

The indictment cited one case in which Cloudhopper compromised data of an MSP in New York state and clients in 12 countries including Brazil, Germany, India, Japan, the United Arab Emirates, Britain and the United States. They were from industries including finance, electronics, medical equipment, biotechnology, automotive, mining, and oil and gas exploration.

More From The New York Times: