A Chinese nation-state hacking group known as APT10 has hacked and stolen data from Visma, a Norwegian company that provides cloud-based business software solutions for European companies.
The intrusion into Visma’s network took place on August 17, 2018, according to a joint report published today by US cyber-security firms Rapid7 and Recorded Future.
According to the report, Chinese government-backed hackers breached the company’s internal network by using stolen valid user credentials for a Citrix remote-access software client that Visma employees were using to access the company’s internal network.
Once the hackers were in, they deployed two malware strains, the Trochilus remote access trojan and the Uppercut (Anel) backdoor, to search, gather, and exfiltrate Visma’s data.
The Norwegian company formally admitted to the hack today in a statement published on its website. The company said that hackers only stole internal Visma data, and that “none of their clients’ systems were affected.”
Recorded Future and Rapid7 believe that the intrusion was detected in its early stages before APT10 hackers could abuse the stolen data to escalate infections to Visma customers by backdooring or abusing Visma’s cloud software to get a foothold on customers’ internal networks.
Visma also said the intrusion was identified by their own intelligence systems, confirmed and correlated with data from Rapid7, and investigated further with the help of Recorded Future.
Visma is one of Europe’s largest cloud-based managed service providers (MSP), with over 850,000 customers and net revenue of over $1 billion (2017).
Two other companies also hacked
Rapid7 also identified other APT10 hacks based on the data gathered during the Visma incident response. Experts said that the same Chinese hacking group also breached a US law firm that helps Chinese companies enter the US market (late 2017), and an international apparel company (early 2018).
These hacks are part of a larger APT10 hacking spree that began in 2017 and targeted companies all over the world, but mainly cloud providers.
US government authorities and the private cyber-security sector have been warning about this hacking spree, which they codenamed Operation Cloudhopper, since 2017.
In December 2018, the US Department of Justice charged two Chinese nationals they believed were part of APT10 for hacks at 45 US companies and numerous others in eleven other countries.
At least nine cloud providers are believed to have been hacked. At the time of writing, the names of three are known: IBM, HPE, and now Visma.
Australia, Canada, Japan, New Zealand, the US, and the UK had all formally accused and condemned China’s hacking spree, although the Beijing government denied all accusations.
China hacked Norway's Visma cloud provider. Posted on www.zdnet.com on February 6, 2019.