Justice Department Preps Criminal Charges Against Alleged MSP Hackers
The United States Department of Justice is preparing criminal charges against alleged international hackers who, the U.S. government claims, have infiltrated MSPs (managed services providers) and hijacked RMM (remote monitoring and management) software to penetrate corporate and government networks, multiple sources tell MSSP Alert.
Updated December 20, 11:42 p.m. ET: Charges involving alleged Chinese hackers who hit MSPs surfaced today.
The alleged hackers targeting MSPs apparently have ties to China, and their purported break-ins potentially impact “hundreds of thousands of companies in total,” The Wall Street Journal reports.
Multiple sources point to APT 10 as the hacker group behind the alleged MSP and RMM software break-ins. That hacker group typically targets construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan, FireEye has said. APT is short for advanced persistent threat.
U.S. prosecutors could unseal criminal charges against the alleged MSP-focused hackers before the end of December 2018, sources tell MSSP Alert, though The Wall Street Journal has expected the charges to potentially surface within a few days.
U.S. Department of Homeland Security’s Warning to MSPs
Clues about the emerging legal case surfaced in October 2018, when the U.S. Department of Homeland Security warned MSPs and cloud services providers (CSPs) that cyber gangsters were targeting their systems and RMM software to penetrate end-customer networks.
The Department of Justice has not replied to MSSP Alert’s request for comment. We will update this article if/when criminal charges related to MSP-focused hackers surface.
Who has been compromised and what has been done to prevent future compromise
It’s stories like this that highlight why Passportal has been working so hard to educate the market on why MSPs in general need to elevate their password management practices and leverage access management solutions to temper who can have privileged rights to client IT systems. Several international hacking groups have realized the power of the IT Channel (much like us Channel-focused vendors), and are now employing a channel model to their own malicious efforts. MSPs need to be aware and prepared to protect themselves and their clients from these threats.
John: If/when the criminal complaint is unsealed we will be sure to share deeper details. In the meantime, we’re still digging for more info from sources familiar with the case. Stay tuned and thanks for your readership.
Colin: Thanks for the note.