Managed Service Providers (MSPs) are attractive targets for state actors and cyber criminals. This ACSC investigation is one example of how Australian organisations are at risk of having commercial secrets, data and information stolen via their MSP. This report includes technical findings and mitigation advice related to the compromise of the Australian arm of a multinational construction services company via its MSP.
The tactics, techniques and procedures (TTPs) observed in this compromise align with a public report titled “Operation Cloud Hopper”, which details APT10’s targeting of MSPs to leverage existing trust relationships with their customers and gain access to their customer networks.
For mitigation strategies to manage the security risks posed by engaging MSPs and authorising their network access, the ACSC recommends reviewing the PROTECT product “How to Manage Your Security When Engaging a Managed Service Provider”.