Hackers the Ministry of State Security of China have been able to access the IBM and Hewlett Packard Enterprise (HPE) and later attempted to exploit this security flaw in order to access the computers of the two companies' customers.
The attacks are part of a Chinese operation known as Cloudhopper, which the United States and the United Kingdom said on Thursday they infected technology service providers to steal secrets from their customers.
Cloudhopper directed managed services to remotely manage its technology operations (MSPs) to access customer networks and steal corporate secrets from companies around the world, according to a US federal indictment against two Chinese citizens. The promoters did not identify the violated MSPs.
While cyber security companies and government agencies have issued a number of warnings about Cloudhopper's threat since 2017, they have not revealed the identity of technology companies whose networks have been compromised.
IBM said it had no evidence that sensitive corporate data had been compromised. Hewlett Packard said it could not comment on the Cloudhopper operation.
Businesses and governments are increasingly looking for companies known as service providers to remotely manage their technology operations (MSPs), which includes servers, storage, network and helpdesk support.
