In an incident that highlights how broadly exposed computer networks are everywhere, cyber criminals recently obtained login credentials for data centers in Asia that are used by leading global businesses. As a result, cyber criminals may be able to carry out advanced espionage, sabotage, or other malicious activities.
The data caches include email addresses and passwords for customer support websites belonging to two of the largest data center operators in Asia: Shanghai-based GDS Holdings Ltd. and Singapore-based ST Telemedia Global Data Centres. If that sounds relatively minor, consider that roughly 2,000 customers of the two companies were affected.
Since the breach, cyber criminals have infiltrated at least five corporate customer accounts, including one belonging to China’s main foreign exchange and debt trading platform.
What hackers did with the other login data remains unclear. Breached information included credentials, in varying quantities, for major multi-national companies, including those in the top echelons of the tech world.
How the breach occurred
According to GDS, one of its customer support websites experienced a breach in 2021. How the cyber criminals obtained the ST Telemedia Global Data Centres information remains unclear; the latter firm reported no evidence that its customer service portal was compromised that year.
Cyber security experts and executives at four major U.S.-based brands that were affected pointed out that the stolen credentials represented an unusual and troubling danger, because the customer support portals also let users arrange physical access to the IT equipment housed in the data centers.
The executives who have commented on the issue thus far have asked not to be identified, as they weren’t authorized to speak publicly about the matter.
Magnitude of data loss
The extent of the data loss highlights the growing perils that organizations face when they depend on third parties to store data and IT equipment. Cyber security experts state that the issue is of particular concern in China, which requires firms to partner with local data service providers.
“This is a nightmare waiting to happen,” stated Michael Henry, former chief information officer for Digital Realty Trust Inc., a large U.S. data center operator.
For any data center operator, the worst-case scenario is attackers gaining physical access to clients’ servers and installing malicious code or carrying out similar activities. “If they can achieve that, they can potentially disrupt communications and commerce on a massive scale.”
GDS and ST Telemedia Global Data Centres both say that they have no evidence that anything of that kind actually occurred, and that core business services have not been impacted by the incident.
Hackers sell the data
Last month, on the dark web, hackers posted credentials believed to have been stolen via this breach. The selling price was $175,000.
In a post, one hacker wrote, “I used some targets…but [was] unable to handle as [the] total number of companies is over 2,000.”
On Monday, cyber criminals appeared to dump the stolen data on the dark web, free of charge.
The exposed email addresses and passwords could have enabled cyber criminals to pose as authorized users on the affected websites. Cyber criminals could also potentially use the data to craft targeted phishing emails directed at people with high-level access to corporate networks.
Both data center operators quickly responded to emails when notified about the security issues, immediately launching internal investigations.
The hacks have not yet been attributed to a known hacking group. According to cyber experts, the hackers may be imitating other cyber criminals, a tactic often used by nation-state actors to obscure their involvement.
Regardless of how this stolen information has been used and weaponized, the incident indicates that cyber attackers are exploring new ways to infiltrate hardened, highly secure targets.