China hacked TCS, 7 other major firms: Report
Hackers working for China’s Ministry of State security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.
Technology service providers such as Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE’s spun-off services arm, were the target of Cloud Hopper attributed to the Chinese government by the United States and its Western allies.
It isn’t just TCS that was hacked. The service provider was used as a jumping off point to gain access to their client’s networks.
Meanwhile, China is denying all involvement in the attacks and companies are claiming that no sensitive information was compromised, but the Reuters report shows otherwise.
A U.S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.
Reuters has identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.
HPE said it worked “diligently for our customers to mitigate the attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.
NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.
Sabre said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveler data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data,” via HPE or DXC.