10 Apr 2017

Global campaign targeting multi-national IT service providers

CERT NZ is aware of ongoing targeted attacks against multi-national IT service providers by a group known as APT10.

PwC and BAE Systems have co-authored a comprehensive report on the incident, which is known as Operation Cloud Hopper. It explains the threat in detail, and provides a list of indicators of compromise (IOCs).

PwC report on Operation Cloud Hopper

BAE blog post on APT10 - Operation Cloud Hopper

There is no evidence at this stage to suggest the general public or small to medium enterprises are being targeted.

What to do

Mitigation

The National Cyber Security Centre (NCSC) is the key point of contact for queries about this threat in New Zealand. NCSC is providing advice on threat protection and response to key government and private sector organisations. Their recommendations to organisations include:

  • carrying out an investigation to check networks for any of the indicators included in the PwC and BAE systems reports
  • auditing administrative access into the organisation’s networks (especially via third parties) and carrying out the recommendations in cyber security advisory CSA-006-17.

NCSC Cyber Security Advisory CSA-006-17

As best practice, CERT NZ also recommends all organisations protect themselves online by implementing the Australian Signals Directorate’s strategies to mitigate cyber security incidents.

Strategies to Mitigate Cyber Security Incidents

More information

If you identify any activity that appears to be malicious, or would like to discuss this further, call the NCSC incident line on 04 498 7654.