DHS aware of ongoing APT attacks on cloud service providers

Attacks most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass.
Written by Catalin Cimpanu, Contributor

The US Department of Homeland Security has issued an alert today about "ongoing" cyber-attacks against managed service providers -- a term the alert uses to describe online, cloud-based service providers.

The DHS believes the attacks are being carried out by advanced persistent threats (APTs), a generic term used by the cyber-security industry to describe cyber-espionage and hacking units under the control and operating under the supervision of foreign governments.

The alert was released earlier today by the United States Computer Emergency Readiness Team (US-CERT), an incident prevention and response organization that is part of the DHS' National Cybersecurity and Communications Integration Center (NCCIC).

US-CERT didn't name any threat actors or countries, but it left enough clues for the cyber-security community to draw its own conclusions about the source of the attacks.

In today's alert, the DHS said a previous threat alert --TA17-117A-- included information related to today's activity.

TA17-117A warned about ongoing attacks with a new malware strain named RedLeaves. An Accenture report from April 2018 linked this malware to a nation-state group of Chinese origin known as APT10.

Similarly, a PwC and BAE Systems joint report also warned about APT10 mounting attacks on cloud service providers since April 2017, in line with today's alert.

ZDNet has also learned from industry sources about ongoing APT10 activity, although we cannot share more information at the moment due to an ongoing investigation.

In July 2018, the DHS, through US-CERT, also issued a similar warning of increased activity from nation-state hackers, criminal groups, and hacktivists against cloud-based Enterprise Resource Planning (ERP) systems.

Today's DHS alert is no surprise for people in the know. A report published this year in May by 401TRG, the Threat Research & Analysis Team at ProtectWise, warned that Chinese hackers, in general, were preparing supply chain attacks.

In a world where most companies are moving their businesses online, "the cloud" has become an important part of most businesses' supply chain.

Today's US-CERT alert, which included recommendations and instructions on how to secure managed service providers and how to detect intrusions, was also accompanied by a separate guide for using credential and privileged-access management to mitigate possible attacks.

