Hackers get access to the data centers of some of the largest companies in the world
A cybersecurity research organization said hackers gained login credentials for Asian data centers used by some of the world's largest firms, a goldmine for espionage or disruption.
Resecurity Inc., a cybersecurity company that investigates hacker groups, found customer-support website emails and passwords for two of Asia's largest data center operators, Shanghai-based GDS Holdings Ltd and Singapore-based ST Telemedia Global Data Centres.
The GDS and STT GDC data affected 2,000 clients. Resecurity infiltrated the hacker gang and identified five compromised organizations, including China's main foreign-currency and debt trading platform and four from India.
The hackers may have used several of the logins. The security firm and Bloomberg evaluated hundreds of pages of credentials for Alibaba Group Holding Ltd, Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp., and Walmart Inc.
GDS's customer-support website was breached in 2021. Hackers also stole STT GDC data, although its customer-support site was untouched that year. Both organizations stated the rogue credentials did not compromise clients' IT systems or data.
Although customer-support websites do not grant access to data center IT equipment, Resecurity and executives at four large US corporations said the stolen credentials posed an unusual and significant threat. The executives requested anonymity once Bloomberg News and the security firm confirmed the incidents.
Third parties
The data loss Resecurity uncovered shows that firms' reliance on third parties to store data and IT equipment and to access global markets raises risk. The situation is worse in China, where companies must use local data service providers, according to security experts.
When Bloomberg described the incidents, Michael Henry, former CIO of Digital Realty Trust Inc., a leading US data center operator, called them a catastrophe waiting to happen. Digital Realty Trust itself was not affected.
Henry said data center operators' worst-case scenario involves intruders physically accessing customers' servers and installing destructive programs or equipment. “That could seriously disrupt communications and commerce.”
GDS and STT GDC said they had no evidence that essential services were affected.
According to Resecurity and a screenshot seen by Bloomberg, the hackers held the login credentials for over a year before selling them on the dark web last month for $175,000, saying they were swamped.
“I utilized several targets,” the hackers said; 2,000 firms were more than they could handle.
Resecurity says the hackers impersonated authorized users on the customer support websites using the email addresses and passwords. Resecurity first detected the data caches in September 2021, and the hackers were still using them to access GDS and STT GDC customers' accounts as recently as January, when both data center operators required password resets.
Resecurity believes the hackers could use the data, even without the passwords, to target high-level network administrators with phishing emails.
Companies
Walmart, Alibaba, Amazon, Huawei, and others declined to comment. Apple did not respond to questions.
Microsoft said, “We continually check for threats that can harm Microsoft, and when plausible risks are detected, we take fast action to safeguard Microsoft and our customers.”
“We have extra controls to defend against this sort of access, and we are comfortable that our data was not at risk,” said a Goldman Sachs executive.
BMW acknowledged the incident. “After examination, the problem has little effect on BMW operations and has caused no harm to BMW customers and product-related information,” a spokeswoman stated. BMW reportedly urged GDS to strengthen its data security.
"Co-location"
GDS and STT GDC are Asia's most significant "co-location" providers. They rent data center space to clients who install and manage their own IT equipment there, allowing those clients to be closer to Asian customers and operations.
Synergy Research Group Inc. ranks GDS among the top three co-location vendors in China, the second-largest market after the US.
According to a corporate filing, Singapore Technologies Telemedia Pte, the parent of STT GDC, purchased 40% of GDS in 2014.
Resecurity CEO Gene Yoo said one of his investigators discovered the incidents in 2021 while tracking a Chinese hacker organization that targeted Taiwanese government sites.
Yoo and the documents indicate Resecurity alerted GDS, STT GDC, and specific Resecurity customers.
Yoo and the documents indicate Resecurity contacted GDS, STT GDC, and Chinese and Singaporean authorities in January after discovering the hackers accessing the accounts.
Both data center operators said they responded promptly to the security concerns.
Spokesperson Cheryl Lee said the Cyber Security Agency of Singapore is helping ST Telemedia.
The National Computer Network Emergency Response Technical Team/Coordination Center of China, a cyber-emergency NGO, declined to comment.
GDS said it fixed its customer-support website after it was hacked in 2021.
A corporate statement said hackers targeted non-critical service operations, including ticketing requests, equipment deliveries, and maintenance reports.
“App requests usually need offline confirmation. The application's simplicity protected our clients' IT operations from the breach.”
STT GDC hired cybersecurity professionals in 2021 after the incident. The company said the affected IT system handles customer service requests.
STT GDC said the data Resecurity received was "a limited and outdated set of user passwords for our customer ticketing systems," and that its customer service site was not affected in 2021. The data is invalid, it said, and no longer poses a security threat.
STT GDC reported no data breach.
Cybersecurity experts said the thefts suggest hackers try new methods to breach hard targets.
Former Intel Corp. chief security and privacy officer Malcolm Harkins said corporate security teams overlook third-party data centers' physical security and access control weaknesses. Harkins warned data center equipment tampering might be disastrous.
Bloomberg News reported that the hackers stole email addresses and passwords for 3,000 GDS employees and customers and for 1,000 STT GDC employees.
According to the documents, the hackers also gained access to GDS's network of over 30,000 security cameras, most of which used basic passwords like "admin" or "admin12345." GDS did not respond to questions about the camera network access or the password theft.
The number of customer-support website logins varied by company. The data shows Alibaba with 201 accounts, Amazon 99, Microsoft 32, Baidu Inc. 16, Bank of America Corp. 15, Bank of China Ltd. 7, Apple 4, and Goldman 3. Resecurity's Yoo said an email address and password were all the hackers needed to access a company's account on the customer care site.
According to Resecurity and the documents, employees' login details were stolen from Bharti Airtel Ltd. in India, Bloomberg LP (Bloomberg News), ByteDance Ltd., Ford Motor Co., Globe Telecom Inc. in the Philippines, Mastercard Inc., Morgan Stanley, Paypal Holdings Inc., Porsche AG, SoftBank Corp., Telstra Group Ltd. in Australia, Tencent Holdings Ltd., Verizon Communications Inc., and Wells Fargo & Co.
Baidu said, “We do not think any data was compromised. Baidu prioritizes client privacy. Our company's data security will be monitored.”
“We have no hazard information,” Porsche said. A SoftBank official said a Chinese subsidiary stopped using GDS last year, and that no client data or operations of the local Chinese business had been compromised.
Mastercard added, “While we continue to monitor this matter, we are unaware of any hazards to our company or effect on our transaction network or systems.” A Telstra representative said, “We are not aware of any harm to the firm after this breach.”
“We are not aware of any damage to the company after this hack,” Tencent said. “We manage Tencent servers. Our computers and servers are secure following assessment.”
Wells Fargo officials said GDS supplied backup IT infrastructure until December 2022. GDS did not have access to Wells Fargo data, systems, or networks. Several other companies did not respond.
Yoo said Resecurity's undercover investigator sought account access from the hackers in January. The hackers, he said, shared screenshots showing them accessing five firms' accounts and browsing the GDS and STT GDC websites. Resecurity sent the screenshots to Bloomberg.
The Resecurity screenshots show that the GDS account of the Chinese Foreign Exchange Trade System, which operates the government's currency and debt trading platform, was accessed. The organization did not respond to requests for comment.
India
The National Internet Exchange of India, MyLink Services Ltd., Skymax Broadband Services Ltd., and Logix InfoSecurity Pvt. were compromised at STT GDC.
The National Internet Exchange of India provided Bloomberg with no information and declined to comment. The other Indian organizations remained silent.
A GDS spokesman said, “Recently, we detected many fresh assaults from hackers utilizing the earlier account login credentials. Technology prevented these assaults. Our system fault stopped hackers.”
“One lone client didn't change one of their account credentials to this application, which belonged to an ex-employee of theirs,” the GDS official stated. “Everyone needed a password reset. Unlikely. No hack.”
STT GDC said its customer service portal faced more threats in “our India and Thailand areas” in January, and that customer service portal data was safe.
Yoo said Resecurity found the hackers selling the information on a dark website in English and Mandarin around late January after GDS and STT changed passwords.
“DBs include customer information, may be misused for phishing, cabinet access, monitoring orders and equipment, remote hands orders,” the post claimed.
Who facilitates targeted phishing?