Published in News

Chinese hackers crack Norwegian software firm Visma

by on07 February 2019

“Potentially catastrophic attack”

Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cyber security researchers said.

Visma has issued a statement saying that the attack is potentially catastrophic.

The attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cyber security firm Recorded Future.

Beijing has repeatedly denied any involvement in cyber-enabled spying, but then it would.

Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients.

Cyber security firms and Western governments have warned about Cloudhopper several times since 2017 but have not shown the identities of the companies affected.

Reuters reported in December that HPE and IBM were two of the campaign’s victims, and Western officials caution in private that there are many more.

At the time IBM said it had no evidence sensitive corporate data had been compromised, and HPE said it could not comment on the Cloudhopper campaign.

Visma provides business software products to more than 900,000 companies across Scandinavia and parts of Europe.

The company’s operations and security manager, Espen Johansen, said the attack was detected shortly after the hackers accessed Visma’s systems and he was confident no client networks were accessed.

“But if I put on my paranoia hat, this could have been catastrophic. If you are a big intelligence agency somewhere in the world and you want to harvest as much information as possible, you of course go for the convergence points, it’s a given fact.

“I’m aware that we do have clients which are very interesting for nation states”, he said, declining to name any specific customers.

Investigators at cyber security firm Rapid7, Recorded Future said the attackers first accessed Visma's network by using a stolen set of login credentials and were operating as part of a hacking group known as APT 10, which Western officials say is behind the Cloudhopper campaign.

The US Department of Justice in December charged two alleged members of APT 10 with hacking US government agencies and dozens of businesses around the world on behalf of China’s Ministry of State Security.


Last modified on 07 February 2019
Rate this item
(0 votes)

Read more about: