Chinese state hackers attack Norwegian cloud computing firm

Cybersecurity researchers have uncovered a Chinese state-sponsored cyber attack against Norwegian cloud software provider Visma, which says no client data was affected

Chinese intelligence breached the network of Norwegian software firm Visma in an attempt to steal secrets from its clients, according to a new report published by Rapid7 and Recorded Future, two US cybersecurity firms.

Visma, which provides cloud business solutions for many European countries, had its network infiltrated way back in August 2018. According to the report, the perpetrators were APT10, a Chinese state hacking group that managed to access the network using a stolen set of login credentials for a remote-access software used by Visma employees.

For the hackers, it was then a matter of unleashing malware strains on the network to harvest Visma’s data.

Western countries united to condemn what they call a “global hacking” campaign coordinated at the behest of China’s Ministry of State Security. Beijing denies all involvement and the Ministry is impossible to contact for comments.

The hacking campaign is known as Cloudhopper – which involves targeting cloud services to reach their clients. It’s a relatively new and worrying trend which is taking advantage of the fact that some of the Western world’s most powerful companies have migrated vital applications to the cloud.

Visma’s operations and securities manager Espen Johansen told Reuters that while the attack was halted before client networks were breached, it could have been “catastrophic” had it not been detected early on.

“If I put on my paranoia hat, this could have been catastrophic,” he said. “If you are a big intelligence agency somewhere in the world and you want to harvest as much information as possible, you of course go for the convergence points, it’s a given fact.”

Both HPE and IBM have been victims of Cloudhopper. While HPE has not commented on the campaign’s impact, IBM said Cloudhopper failed to compromise any of its sensitive data.

Since 2009, the APT10 group has been targeting healthcare, defence, aerospace, government, heavy industry/mining, managed service providers (MSPs) and IT industries, in the UK.