HPE and IBM were attacked by hackers working on behalf of the Chinese government, multiple sources have claimed.
News of the attack, thought to be part of a long-running campaign known as Cloudhopper, was reported to Reuters by five sources, and targeted secrets both the tech giants themselves and their customers.
Cloudhopper targets the companies known as managed service providers (MSPs) tasked by the likes of IBM and HPE with managing their IT operations remotely. The attack was able to successfully target the MSPs used by IBM and HPE to gain access to their client networks, and then steal customer information.
The MSPs targeted by the attack have not been named, but could cover a range of roles with either firm, from networking to hardware such as servers or storage.
Reuters’ sources have claimed that other major technology firms could also have been affected, as Cloudhopper has been in operation for several years.
Neither HPE nor IBM have commented on the specific details of the attack, but did provide statements.
“IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats,” IBM said. “We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat.”
HPE noted that it had spun out its MSP operations to form a new business, DXC Technology, as part of the 2017 merger with Computer Sciences Corp.
“The security of HPE customer data is our top priority,” HPE said. “We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”