China hacked Norway's Visma to steal client secrets: investigators
		 [February 06, 2019]   
		By Jack Stubbs 
 LONDON (Reuters) - Hackers working on 
		behalf of Chinese intelligence breached the network of Norwegian 
		software firm Visma to steal secrets from its clients, cyber security 
		researchers said, in what a company executive described as a potentially 
		catastrophic attack.
 
 The attack was part of what Western countries said in December is a 
		global hacking campaign by China's Ministry of State Security to steal 
		intellectual property and corporate secrets, according to investigators 
		at cyber security firm Recorded Future.
 
 China's Ministry of State Security has no publicly available contacts. 
		The foreign ministry did not respond to a request for comment, but 
		Beijing has repeatedly denied any involvement in cyber-enabled spying.
 
 Visma took the decision to talk publicly about the breach to raise 
		industry awareness about the hacking campaign, which is known as 
		Cloudhopper and targets technology service and software providers in 
		order to reach their clients.
 
		
		 
		
 Cyber security firms and Western governments have warned about 
		Cloudhopper several times since 2017 but have not disclosed the 
		identities of the companies affected.
 
 Reuters reported in December that Hewlett Packard Enterprise Co and IBM 
		were two of the campaign's victims, and Western officials caution in 
		private that there are many more.
 
 At the time IBM said it had no evidence sensitive corporate data had 
		been compromised, and Hewlett Packard Enterprise said it could not 
		comment on the Cloudhopper campaign.
 
 Visma, which reported global revenues of $1.3 billion last year, 
		provides business software products to more than 900,000 companies 
		across Scandinavia and parts of Europe.
 
 The company's operations and security manager, Espen Johansen, said the 
		attack was detected shortly after the hackers accessed Visma's systems 
		and he was confident no client networks were accessed.
 
 "PARANOIA HAT"
 
 "But if I put on my paranoia hat, this could have been catastrophic," he 
		said. "If you are a big intelligence agency somewhere in the world and 
		you want to harvest as much information as possible, you of course go 
		for the convergence points, it's a given fact."
 
		
[Photo: A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo]

"I'm aware that we do have clients which are very interesting for nation 
states," he said, declining to name any specific customers.

 Paul Chichester, director for operations at Britain's National Cyber Security 
Centre, said the Visma case highlighted the dangers organizations increasingly 
face from cyber attacks on their supply chains.
 
"Because organizations are focused on improving their own cyber security, we are 
seeing an increase in activity targeting supply chains as actors try to find 
other ways in," he said.

 In a report https://www.recordedfuture.com/apt10-cyberespionage-campaign with 
investigators at cyber security firm Rapid7, Recorded Future said the attackers 
first accessed Visma's network by using a stolen set of login credentials and 
were operating as part of a hacking group known as APT 10, which Western 
officials say is behind the Cloudhopper campaign.
 
 The U.S. Department of Justice in December charged two alleged members of APT 10 
with hacking U.S. government agencies and dozens of businesses around the world 
on behalf of China's Ministry of State Security.
 
 Priscilla Moriuchi, director of strategic threat development at Recorded Future 
and a former intelligence officer at the U.S. National Security Agency, said the 
hackers' activity inside Visma's network suggested they intended to infiltrate 
client systems in search of commercially-sensitive information.
 
 
"We believe that APT 10 in this case exploited Visma networks to enable 
secondary operations against Visma's customers, not necessarily to steal Visma's 
own intellectual property," she said. "Because they caught it so early they were 
able to discourage and prevent those secondary attacks."

 (Reporting by Jack Stubbs; Editing by William Maclean)
 
				 
[© 2019 Thomson Reuters. All rights reserved.] This material may not be published, broadcast, rewritten or redistributed. Thomson Reuters is solely responsible for this content.