Industries

See all industries

Aerospace, defence & security

Automotive

Capital projects & infrastructure

Consumer markets

Energy, utilities & resources

Engineering & construction

Financial services

Forest, paper & packaging

Government & public services

Healthcare

Hospitality & leisure

Industrial manufacturing

Insurance

Pharmaceuticals & life sciences

Private equity

Technology, media & Telecommunications

Transportation & logistics

Featured

Move fast, think slow: How financial services can strike a balance with GenAI

Take on Tomorrow @ the World Economic Forum in Davos: Energy demand

Perspectives from the Global Entertainment & Media Outlook 2024–2028

Services

See all services

Alliances and Ecosystems

Audit and assurance services

Business transformation

Consulting

Crisis management

Deals

Entrepreneurial and private business

Family business

Forensics

Legal Business Solutions

Managed Services

Workforce

Strategy

Sustainability and climate change

Tax

Trust

Featured

Climate risk, resilience and adaptation

Business transformation

Sustainability assurance

Issues

See all issues

Artificial Intelligence

Business model reinvention

Business transformation

C-suite insights

Cybersecurity

Climate and sustainability

Megatrends

Risk and regulation

Technology

Trust

Upskilling

Value creation

Workforce

Featured

The Leadership Agenda

Global Workforce Hopes and Fears Survey 2024

The s+b digital issue: Corporate “power changers”

About us

See more About Us

Alumni

Analyst relations

Client case studies

Ethics and compliance

Committing to Net Zero

Corporate sustainability

Diversity and inclusion

PwC's Global Annual Review

Global regulatory affairs

Human rights statement

Leadership team

Network governance and structure

New Ventures and Innovation

News room

Our purpose and values

PwC office locations

PwC's Code of Conduct

Strategy Council

Strategy&

Tax Code of Conduct

Third party code of conduct

Transparency Report

Featured

The New Equation

PwC’s Global Annual Review

Committing to Net Zero

Careers

Find out more about careers

Search for a job

Featured

The New Equation

PwC’s Global Annual Review

The Solvers Challenge

Loading Results

No Match Found

Unmasking a global cyber espionage campaign

Setting the scene

For the last eight years, and possibly even longer, a global espionage campaign has been underway. Believed to be the work of a threat actor based in China and known to the security community as APT10, the campaign has seen a wide-ranging information collection spree conducted initially against the US defence industrial base and the technology and telecommunications sector, but now spreading to multiple industries and sectors worldwide.

Most recently, managed IT service providers (MSPs) have been under attack. And the campaign against them – known as Operation Cloud Hopper – has given APT10 unprecedented access to the intellectual property and sensitive data of MSPs and their clients across the globe.

“The indirect approach of this attack highlights the need for organisations to have a comprehensive view of their threat landscape, which includes their supply chain, and focus on improving their ability to hunt for this type of activity.”

Kris McConkeyCyber security partner, PwC UK

How we helped

Since late 2016, PwC UK has been helping the victims of these attacks. PwC's threat intelligence team has been collaborating with other leading security research organisations and the UK's National Cyber Security Centre to track and research APT10’s actions, and PwC UK’s incident response team has been leading investigations into security compromises linked to APT10, and actively removing the attacker's access to victim organisations' systems and data.

The collaborative research uncovered important new information. It found that APT10 almost certainly benefits from significant staffing and logistical resources, which have been stepped up since 2016. It also found that APT10’s operations over the past two years have likely comprised multiple teams, each responsible for a different process – domain registration, infrastructure management, malware development, target operations and analysis.

The research also gave further weight to the belief that APT10 is a China-based threat actor, based on patterns within domain registrations and file compilation times. It showed how APT10 has been systematically targeting Japanese organisations using the bespoke malware called ‘ChChes’.

“New forms of attack require new ways of working to defend our society. Close working and collaboration is key.”

Richard HorneCyber security partner, PwC UK

Impact

This collaboration enabled PwC UK to provide an essential heads up to the global security community, as well as MSPs and known victims, to help prevent, detect and respond to ATP10’s attacks. The firm also shared its detailed technical analysis, including the critical ‘indicators of compromise’, with the UK’s National Cyber Security Centre.

As Richard Horne, Cyber Security Partner at PwC UK, put it: “The future of cyber defence lies beyond simple intelligence sharing, but in forging true collaboration between organisations in the public and private sector with the deep technical and innovative skills required to combat this type of threat”.

The story of our year

Explore our Global Annual Review

PwC office locations Site map Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Setting the scene

How we helped

Impact

Other stories

Helping Whitbread to create the digitally driven supply chain of the future

Working with Pernod Ricard to deliver digital integration

Harnessing the power of AI to transform the detection of fraud and error

Preventing tax collection leakages in India