Norwegian cloud computing company admits to compromise by APT10

A joint report by Recorded Future and Rapid7 has accused APT10 of infiltrating the network of Norwegian cloud computing company Visma.

According to Visma, its IT security staff detected the intrusion promptly. Although the incident did not affect any of Visma’s clients’ systems, it “could have been catastrophic” had it not been identified early.

Visma is one of the largest cloud service providers in Europe. The firm offers online HR, accounting, and other software to over 900,000 customers across Scandinavia and other regions of Europe.

The attacks are believed to be a part of a global hacking campaign, codenamed Operation Cloudhopper, that started in 2017 and mainly targets cloud service providers.

In December 2018, the NCSC assessed with the highest level of probability that a group known as APT 10 acted on behalf of the Chinese Ministry of State Security to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US.

APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Since then it has targeted healthcare, defence, aerospace, government, heavy industry/mining, Managed Service Providers (MSPs) and IT industries, among many other sectors, for the likely purpose of intellectual property theft.