The Wall Street Journal has published its investigation into the Cloud Hopper cyberespionage campaign that Reuters reported in December 2018. The US Justice Department at that time indicted two Chinese nationals (both of whom remain at large) and alleged that the duo had been working for the Chinese Ministry of State Security's APT10. It now appears, according to the Journal, that the espionage was far more widespread than originally reported. Cloud Hopper actively pursued managed service and cloud providers, and in addition to the usual culling of trade secrets now familiar in Chinese industrial espionage campaigns, the Ministry also went after personal information on a large scale. The US Government now believes APT10 succeeded in collecting some hundred-thousand Naval personnel records.
ToTok, a messaging app developed in the United Arab Emirates, is now believed to have been a surveillance tool prepared by Breej Holding, which the New York Times characterizes as a front operation for the Emirati cybersecurity firm Dark Matter.
Yahoo News reports that the US Department of Defense has warned service members to avoid using consumer DNA kits on the grounds that the personal information collected by the private companies that offer the kits could amount to a security risk.
vpnMentor has found that Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group, has been leaking travel information belonging to US Department of Defense personnel.
A privacy fail comes from a surprising source: the UK Cabinet Office. The Guardian reports that the Cabinet Office has apologized for exposing the addresses of a thousand celebrities who were in this year's Honours List.