Nicole Perlroth
Podcast Appearances
This was a coordinated surge by disparate elite hackers. And unlike the PLA, these hackers weren't getting paid by the hour. They were getting paid by the outcome. Incident responders started getting frantic calls from MSPs all over the world seeking help. And these weren't just in the US. These were MSPs in Japan, South Korea, Thailand, all across Europe, Canada, the UK, South Africa, Australia.
They had all been popped in a campaign that they'd go on to call Operation Cloud Hopper because hackers would hop from these MSPs into their customer networks at some of the world's leading pharmaceuticals, engineering, retail, manufacturing, telecom, aerospace, and satellite technology makers. They took Rio Tinto's prospecting secrets and sensitive health research from Philips.
They took more than 100,000 detailed personnel records from the U.S. Navy. They even managed to slip into NASA's Jet Propulsion Lab. With the first Trump administration's trade war as a backdrop, they were back to hacking trade secrets with a vengeance. Here's Steve Stone, who lived and breathed this transition.
These new hackers were meticulous digital ninjas working with a laser-like precision. They took great pains to cover their tracks, encrypting their traffic, deleting log files and other digital crumbs, and burrowing in so deeply that even when victims wiped and rebooted their machines, these Chinese hackers found a way to remain. But occasionally, they just couldn't help themselves.
At one point, they registered a hacking domain as NSAmefound.com. They were messing with us. Years later, we learned just how little they cared about getting caught. In 2024, someone, we still don't even know who, doxxed a mid-level Chinese hacker-for-hire contract shop called iSoon. Among the leaks were transcripts of hackers' group chats. They'd been messaging about who had been named in a U.S.
indictment of APT41, their hacking unit. But they weren't concerned. They were celebrating. The chats showed hackers promising to buy their colleagues 41 shots at the next rager. But for the most part, these MSS hackers laid low and were light years ahead of their predecessors.
When I'd interview the people charged with responding to these attacks, I couldn't help but notice that they were impressed.
Which brings us to zero days.
A word on zero days. In essence, zero days are holes in the foundation of a system. Holes developers missed. For simplicity's sake here, let's just say I'm a hacker. I find a programming mistake in your iPhone's iOS software. It could be as simple as a misplaced zero or a missing hyphen. Just something that Apple's programmers missed. That's a zero day.
It's called that because once it's found, programmers have had zero days to fix it. Now, let's say I'm a hacker who can write a program to actually exploit that zero day to do things like read your text messages, track your location, spy on your phone calls. That's a zero day exploit. Really, it's an invisible ankle bracelet.