The Justice Department has levied charges against two Chinese nationals for stealing information from at least 45 U.S. tech companies and government agencies as part of a global hacking campaign. The hackers, working under the name APT 10, targeted managed service providers, cloud service providers, and their clients in the U.S. and 11 other countries. Since 2014, APT 10 has compromised the administrative credentials of MSPs and infiltrated their clients’ networks. There is no evidence at this time that the attacks have impacted critical electric infrastructure or customers. The American Public Power Association is working closely with our industry and government partners to assess any potential impacts and to mitigate accordingly.
The DHS website has details on the Chinese Malicious Cyber Activity and the Advanced Persistent Threat Activity Exploiting Managed Service Providers.
We encourage members to monitor the E-ISAC portal alerts to gauge potential impact on your utility and actions to be taken. To sign up for the portal, email [email protected], visit www.eisac.com, or call 202-790-6000.