Content, Asia Pacific, Breach, Channel markets, EMEA, Europe

Germany Alleges Chinese Cyber Spies Target MSPs, IT Service Providers

Hans-Georg Maassen
Hans-Georg Maassen

The head of Germany's domestic intelligence agency warned Sunday that China allegedly uses IT service providers and misleading LinkedIn accounts to engage lawmakers and other officials as sources, according to Associated Press.

Hans-Georg Maassen, head of Germany's BfV intelligence agency, warned that Chinese cybergroups use  "supply-chain attacks" to get around companies' online defenses, the report said. The attacks target IT workers and others who work for trusted service providers to send malicious software into the networks of organizations the attackers want to target, AP said.

Piggybacking IT service providers is an increasingly common way to launch cyber attacks. Many of the techniques involve hacking RMM (remote monitoring and management) software platforms that MSPs for end-customer support,

"The infections are difficult to detect, since network connections between service providers and their customers aren't suspicious," the BfV said. "This gives the attacker an even better disguise than before."

Deja Vu: PwC UK, BAE Share Similar Reports

Major MSPs and IT consulting firms have tracked the alleged attacks for quite some time. For instance, a hacker group called APT10, likely backed by China, has compromised and infiltrated MSP networks to access end-customer systems since at least 2016, according to a 25-page PwC UK and BAE Systems report.

The hacks, collectively dubbed Operation Cloud Hopper, may date back to 2014 or so, the report suggests. In response, SolarWinds MSP in April 2017 published five recommendations to help MSPs combat the cyber threat.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.