The United States Department of Justice is preparing criminal charges against alleged international hackers who, the U.S. government claims, have infiltrated MSPs (managed services providers) and hijacked RMM (remote monitoring and management) software to penetrate corporate and government networks, multiple sources tell MSSP Alert.
Updated December 20, 11:42 p.m. ET: Charges involving alleged Chinese hackers who hit MSPs surfaced today.
The alleged hackers targeting MSPs apparently have ties to China, and their purported break-ins potentially impact "hundreds of thousands of companies in total," The Wall Street Journal reports.
Multiple sources point to APT 10 as the hacker group behind the alleged MSP and RMM software break ins. That hacker group typically targets construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan, FireEye has said. APT is short for advanced persistent threat (APT).
U.S. prosecutors could unseal criminal charges against the alleged MSP-focused hackers before the end of December 2018, sources tell MSSP Alert, though The Wall Street Journal has expected the charges to potentially surface within few days.
U.S. Department of Homeland Security's Warning to MSPs
Clues about the emerging legal case surfaced in October 2018, when the U.S. Department of Homeland Security warned MSPs and cloud services providers (CSPs) that cyber gangsters where targeting their systems and RMM software to penetrate end-customer networks.
The Department of Justice has not replied to MSSP Alert's request for comment. We will update this article if/when criminal charges related to MSP-focused hackers surface.