[Info-vax] Reuters: Security Breach at HPE

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Jul 13 00:30:10 EDT 2019


Reuters is reporting security breaches at HPE, DXC, IBM, CSC, and other 
organizations.

https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/

"For security staff at Hewlett Packard Enterprise, the Ericsson 
situation was just one dark cloud in a gathering storm, according to 
internal documents and 10 people with knowledge of the matter.

For years, the company’s predecessor, technology giant Hewlett Packard, 
didn’t even know it had been hacked. It first found malicious code 
stored on a company server in 2012. The company called in outside 
experts, who found infections dating to at least January 2010.

Hewlett Packard security staff fought back, tracking the intruders, 
shoring up defenses and executing a carefully planned expulsion to 
simultaneously knock out all of the hackers’ known footholds. But the 
attackers returned, beginning a cycle that continued for at least five 
years.

The intruders stayed a step ahead. They would grab reams of data before 
planned eviction efforts by HP engineers. Repeatedly, they took whole 
directories of credentials, a brazen act netting them the ability to 
impersonate hundreds of employees.

The hackers knew exactly where to retrieve the most sensitive data and 
littered their code with expletives and taunts...

Then things got worse, documents show."



The servers hosting the HPE operating systems and software 
products and product firmware—if you own the AD, you usually own the 
network—would all be obvious targets for the attackers, too. Cloning 
and then reviewing the existing source code for issues and 
vulnerabilities is obvious. Backdoors or weaknesses or "dumb bugs" 
added into some of the packages would further the cascade, spreading to 
those that have installed the packages.






-- 
Pure Personal Opinion | HoffmanLabs LLC 



