Chinese “Operation Cloud Hopper” Attacks Supply Chain

[Infosecurity Magazine] “PwC UK worked closely with UK defense firm BAE Systems and the new National Cyber Security Centre (NCSC) to uncover “Operation Cloud Hopper”, which they’re claiming to be “one of the largest ever sustained global cyber espionage campaigns.”

Such “stepping stone” attacks are not uncommon, but the scale of this campaign is noteworthy, with MSP infrastructure used as “part of a complex web of exfiltration routes spanning multiple victim networks.”

The group behind the attacks may have started operations as early as 2014, although it stepped up activity in 2016, adapting its tools and techniques all the time.”