A China-based cyber gang dubbed APT10 uses custom malware and ‘spear phishing’ techniques to target IT companies, planning to use them as a proxy for future attacks, security firms have reported.
The report, authored by the National Cyber Security Centre (NCSC) and cyber units at defense group BAE Systems and accountancy firm PwC, has described the attack as “one of the largest ever sustained global espionage campaigns.”
The hackers are said to have targeted firms that run IT functions on behalf of large British companies. The group has been active since 2014 but reportedly ramped up its attacks in late 2016.
PwC cybersecurity partner Richard Horne told the Press Association the extent of the malicious campaign is still unclear.
“The reason we’ve gone public with this is because we can see so much and we have seen so much in several managed IT service providers and other companies compromised through it, but we don’t know how far this has gone.
“Us, together with the NCSC and BAE Systems are very keen to get this information out there so we can promote a mass response to this.
“We’ve seen a number of different companies targeted for different reasons, but essentially it’s all around sensitive information they hold, whether that’s intellectual property, or personal information on people or a whole realm of other areas,” he added.
“It’s a very large-scale espionage operation.”
Spear phishing emails booby-trapped with custom-made malware were sent to key staff in IT services firms in the first stage of the attack, the BBC reports.
Once the hackers had won access they sought out intellectual property and other sensitive data.