PwC’s cyber security practice has worked closely with BAE Systems and other members of the security community to uncover and disrupt what is thought to be one of the largest ever sustained global cyber espionage campaigns.
The operation, known as ‘Operation Cloud Hopper, began in late 2016, when the scale of the espionage campaign became increasingly apparent. PwC and BAE Systems, through their membership of the Cyber Incident Response (CIR) scheme, shared their research into the campaign with the UK’s National Cyber Security Centre (NCSC), which has notified affected communities. PwC has now gone public with this information as although several companies have been identified as compromised, there may be many other organisations affected.
PwC and BAE Systems believe the hacking group widely known as ‘APT10’ conducted the espionage campaign by targeting providers of managed outsourced IT services as a way into their customers’ organisations around the world, gaining unprecedented access to intellectual property and sensitive data. This indirect approach of reaching many through only a few targets demonstrates a new level of maturity in cyber espionage. The sheer scale of the operation was only uncovered through collaboration and is still only likely to reflect a small portion of APT10’s global operations.
Steven Craven, Cyber & Data Assurance Senior Manager at PwC Isle of Man, commented: ‘The indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they’re exposed to, including those of their supply chain. This is a global campaign which has affected many countries.
‘On the Isle of Man, it’s very common to see businesses outsource certain functions to a managed service provider; and not just for technology. The Isle of Man has a number of "clusters" of business types such as CSP/TSPs, Life Assurance, eGaming, ICT, Professional Services, and Precision Engineering - and as highlighted in this report, targeting is commonly by geography or business sector. I would advise local organisations to work with their IT security team and managed service providers to protect themselves by checking networks for the indicators of compromise.
‘The uncovering of this campaign through private and public sectors working together highlights the importance of true collaboration. We are in a unique position to do this effectively given the size of the Island and the closeness of our business community. Cybercrime is evolving and it is now a matter of when, not if - should businesses wish to discuss this attack and general cyber security awareness, we are available to talk.’
The full report is available to download and read here: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html
Photo - Steven Craven.