A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned.
El Segundo, Calif. based PCM [NASDAQ:PCMI] is a provider of technology products, services and solutions to businesses as well as state and federal governments. PCM has nearly 4,000 employees, more than 2,000 customers, and generated approximately $2.2 billion in revenue in 2018.
Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp.
One security expert at a PCM customer who was recently notified about the incident said the intruders appeared primarily interested in stealing information that could be used to conduct gift card fraud at various retailers and financial institutions.
In that respect, the motivations of the attackers seem similar to the goals of intruders who breached Indian IT outsourcing giant Wipro Ltd. earlier this year. In April, KrebsOnSecurity broke the news that the Wipro intruders appeared to be after anything they could quickly turn into cash, and used their access to harvest gift card information from a number of the company’s customers.
It’s unclear whether PCM was a follow-on victim from the Wipro breach, or if it was attacked separately. As noted in that April story, PCM was one of the companies targeted by the same hacking group that compromised Wipro.
The intruders who hacked into Wipro set up a number of domains that appeared visually similar to that of Wipro customers, and many of those customers responded to the April Wipro breach story with additional information about those attacks.
PCM never did respond to requests for comment on that story. But in a statement shared with KrebsOnSecurity today, PCM said the company “recently experienced a cyber incident that impacted certain of its systems.”
“From its investigation, impact to its systems was limited and the matter has been remediated,” the statement reads. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”
On June 24, PCM announced it was in the process of being acquired by global IT provider Insight Enterprises [NASDAQ:NSIT]. Insight has not yet responded to requests for comment.
Earlier this week, cyber intelligence firm RiskIQ published a lengthy analysis of the hacking group that targeted Wipro, among many other companies. RiskIQ says this group has been active since at least 2016, and posits that the hackers may be targeting gift card providers because they provide access to liquid assets outside of the traditional western financial system.
The breach at PCM is just the latest example of how cybercriminals increasingly are targeting employees who work at cloud data providers and technology consultancies that manage vast IT resources for many clients. On Wednesday, Reuters published a lengthy story on “Cloud Hopper,” the nickname given to a network of Chinese cyber spies that hacked into eight of the world’s biggest IT suppliers between 2014 and 2017.