Posted on February 23, 2023 at 7:07 AM
Hackers breach two leading data centers exposing global companies to spying and sabotage
Hackers have accessed the login credentials of data centers based in Asia used by some of the largest companies globally. This breach exposes these companies to spying and sabotage.
Hackers access login credentials for data centers
According to Bloomberg, the data caches involve the emails and passwords of customer-support websites for the two leading data center operators in Asia. These data centers are GDS Holdings Ltd, based in Shanghai, and ST Telemedia Global Data Centers, in Singapore.
The breach at these data centers affected around 2000 GDS and STT GDC customers. The threat actors logged into the systems of at least five customers, including the main foreign exchange in China, a debt trading platform, and four other companies situated in India.
It is unclear what the hackers did with the other obtained logins. The stolen credentials belong to some of the largest global companies, such as Amazon, Apple, Alibaba, BMW AG, Goldman Sachs, Microsoft, Huawei, and Walmart.
GDS has said that in 2021, a customer support website was breached by attackers. It is unclear, however, how the hackers accessed the STT GDC data, since during the breach that happened in 2021 there were no signs that the company's customer service portal was affected.
Resecurity, the security firm that reported the breach, and executives from four of the largest US companies affected by it noted that the breach posed a real danger, because the hackers could potentially gain access to the IT equipment located in the data centers.
Companies face increased risk from third parties
The breach of these data centers illustrates the risk companies take when they depend on third parties to store data and host IT equipment in order to give their networks a global presence. Security experts say this issue is more prevalent in China, where corporations must partner with local data service providers.
The former chief information officer for Digital Realty Trust, Michael Henry, said, “This is a nightmare waiting to happen.” He noted that there was a possibility that the hackers could gain physical access to client servers to deploy malicious code and additional equipment, which could disrupt communications and commerce.
However, according to GDS and STT GDC, the extent of the breach remained minimal, and their core services were unaffected. The hackers had access to the login credentials for over a year before posting them for sale on the dark web in January this year for $175,000. The hackers have since dumped the data on the dark web for free.
With these email addresses and passwords, the hackers might have been able to pose as authorized users on the customer service websites. The security firm identified the data caches in September 2021, adding that there was no evidence that the hackers used them to access the accounts of GDS and STT GDC customers.
Nevertheless, even if the hackers did not obtain valid passwords, they could still use the data to conduct phishing campaigns targeting people with high-level access to company networks.
Microsoft issued a statement on this threat, saying, “We regularly monitor for threats that could impact Microsoft, and when potential threats are identified we take appropriate action to protect Microsoft and our customers.” Goldman Sachs also said it had additional security controls to protect itself from such breaches.
Amazon Web Services said the breach did not affect the security of the company’s systems, services, and customers. A spokesperson from BMW also said that the issue had minimal impact on BMW’s business, and no damage to customers or product-related information was seen.
GDS said it investigated the breach of a customer-support website in 2021 and fixed a vulnerability. STT GDC, for its part, said it engaged external cybersecurity experts after learning of the incident in 2021. The company said that the affected IT system was a customer service ticketing tool not linked to its corporate systems or critical data infrastructure.
The Resecurity report has not linked the breach to any known hacking group. According to the security company, the hackers likely offered to sell the information after the data center operators implemented a password reset, which made this data less valuable.
Resecurity also said that the hackers may have been posing as ordinary criminals. The company noted that state-sponsored actors use this tactic to hide their activity and the motive behind a breach. It further said that the attacks show hackers exploring new ways to infiltrate targets.