The Cybersecurity and Infrastructure Security Agency’s cyber threat analysis chief shared fresh details this week around an ongoing campaign of cyberattacks linked to the Chinese government, specifically targeting managed service providers.
“The core issue with the compromise of managed service providers is that it really gives the attacker a force-multiplier effect,” CISA’s Rex Booth said at a summit hosted by FCW Thursday.
Earlier this year, Homeland Security conducted a series of webinars to educate the American public about the rising attacks that take advantage of companies’ possible internal vulnerabilities. Since 2006, the Homeland Security Department has tracked a threat group, commonly known in the security industry as APT10, which Booth noted is sponsored by the Ministry of State Security in China. Between 2014 to 2018, the agency noticed a strategic shift in the threat group’s tactics: The hackers began specifically targeting America’s managed services providers, or MSPs. Those providers remotely manage customers’ information technology infrastructure or other tech-based systems.