So basically, the cloud providers got hacked over and over but didn't tell all their clients, who in turn had to discover they used a provider with bad security one by one.
I don't know if the fact HP got hacked repeatedly is stronger evidence in favour of the competence of the attacker or of the incompetence of HP.
Why not both? At least, it's safer to assume both when choosing a platform and where to spend dollars. Security is important yet, in my experience, even more underfunded than reliability -- features are generally king. A platform that repeatedly gets breached shows they don't value security as much as they should. An attacker that has been successful previously should continue to be successful except against those targets that secure themselves.
Not only incompetent, also untrustworthy, which i.m.o. is even worse.
“The security of HPE customer data is always our top priority”
The story then tells otherwise - they kept relevant information from affected customers and even thwarted their own investigation team to keep customers in the dark.
Clearly public image and short-term financial results were the real priorities.
Also a lot of questions are dodged with the "we have found no evidence in any of our extensive investigations that..." answer that provides full deniability. That only makes it plausible that much more happened here.
What hardline though? One can't on the one hand sell manufacturing, technology, companies and even infrastructure to China and on the other claim to be uncompromising. I wouldn't mind an actual uncompromising stance on for example labour conditions and investments. But that certainly isn't the case now. Ericsson probably employs less people in Sweden than Chinese companies do at this point.
As a fellow European I think this fight back rhetoric is pretty stupid. Instead of amassing 0days by the military and the secret services while gaining us, the population, zero benefits for the millions spent (because we will still get hacked, regardless of the number of 0days hoarded), why not invest all these resources into securing our broken software infrastructure? Forcing companies to fix their shit?
That would actually help against foreign hackers while also helping the actual population.
How do you know they're not? I hardly expect either side to put out a press release if they are.
But the West is quite capable of its own state-assisted industrial espionage, such as between Airbus and Boeing. Or random incidents like https://www.theguardian.com/uk-news/2018/sep/21/british-spie... - would you expect retaliation by Belgium, and how?
I’d say the EU lacks capability and likely a legal route to actually do it. The US and UK certainly do. Obama and Trump have both confirmed the use of cyber weapons in 2 instances against Iran.
I think it’s very much a hush hush matter for the US and UK. There’s probably a few stories on HN that the US or UK are actually behind.
[+] [-] SiempreViernes|6 years ago|reply
[+] [-] placatedmayhem|6 years ago|reply
[+] [-] Maarten88|6 years ago|reply
[+] [-] ariwilson|6 years ago|reply
[+] [-] calimac|6 years ago|reply
[deleted]
[+] [-] Angostura|6 years ago|reply
[+] [-] officialchicken|6 years ago|reply
[deleted]
[+] [-] C1sc0cat|6 years ago|reply
[+] [-] a012|6 years ago|reply
[+] [-] pwarner|6 years ago|reply
[+] [-] nova22033|6 years ago|reply
sigh...
[+] [-] kache_|6 years ago|reply
[+] [-] AimForTheBushes|6 years ago|reply
[+] [-] gorio|6 years ago|reply
[+] [-] echevil|6 years ago|reply
[+] [-] tepidandroid|6 years ago|reply
[+] [-] ETHisso2017|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] carapace|6 years ago|reply
"Report on forced organ harvesting in China"
https://news.ycombinator.com/item?id=20249489
We're in a situation where we are confronted by our own fundamental values and what they mean to us and what we're willing to do about it.
[+] [-] karl_schlagenfu|6 years ago|reply
[deleted]
[+] [-] bildung|6 years ago|reply
[+] [-] pjc50|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] wil421|6 years ago|reply