"Asian Data Center Outsourcer Hacks Affect Fortune 500 Firms"

According to the cybersecurity company Resecurity, threat actors are targeting multinational clients of data center outsourcers and help desk providers in China and Singapore, then selling stolen credentials on data leak sites. These malicious activities are suspected to be part of a nation-state cyber espionage campaign. In January, Resecurity discovered threat actors publishing stolen credentials on Breached[.]to, an underground forum believed to be the successor to the defunct RaidForums. The threat actors gained initial access to the networks of multiple data center outsourcers by exploiting flaws in customer service portals, help desks, and ticket management modules that connect with other applications typically used to service their data center clients. Resecurity saw the threat actors moving laterally within infiltrated networks and exfiltrating various client records, including those of many Fortune 500 companies. In one such attack against GDS Holdings, a provider of data center colocation and managed services in China, threat actors extracted a list of CCTV cameras with associated video stream identifiers used to monitor data center environments, as well as credentials associated with data center operators, Information Technology (IT) staff, and customers. The attackers then used these credentials to access a list of purchased services and implemented equipment, along with data on client-side employees who manage data center operations. This article continues to discuss the possible cyber espionage campaign targeting data center outsourcers and help desk providers in China and Singapore. 

DataBreachToday reports "Asian Data Center Outsourcer Hacks Affect Fortune 500 Firms"