Hackers Employed By China Infiltrate Norwegian Software Company Visma

Hackers employed by the Chinese government were able to get into the network of Visma, a Norwegian software company, to steal client secrets.

Reuters, citing cybersecurity researchers, reported that the attack was part of a global hacking campaign initiated by the Ministry of State Security in China aimed at stealing intellectual property and corporate secrets. The report, citing investigators at cybersecurity firm Recorded Future, said the hack was part of the Cloudhopper hacking campaign targeting technology service and software providers in an effort to reach the companies’ clients.

Visma made the hack public to raise awareness about the campaign. Governments in the West and cybersecurity firms have been warning about Cloudhopper since 2017 but have not until now disclosed the names of the companies that were impacted by it. Reuters noted that in December it reported that Hewlett Packard Enterprise and IBM were victims of the Cloudhopper hacking campaign. IBM said at the time there was no evidence that the hackers stole sensitive customer data while Hewlett Packard Enterprise declined to comment on the report.

Visma, the business software maker that has more than 900,000 corporate companies in Scandinavia and parts of Europe, said the attack was detected shortly after the hackers got into Visma’s systems. Espen Johansen, Visma’s operations and security manager, said he is confident that none of its customers’ networks were accessed. “But if I put on my paranoia hat, this could have been catastrophic,” he said in the report. “If you are a big intelligence agency somewhere in the world and you want to harvest as much information as possible, you of course go for the convergence points, it’s a given fact.”

Security researchers including Paul Chichester, director for operations at Britain’s National Cyber Security Centre, said the hack of Visma underscores the damages companies are facing as hackers try to attack their supply chains and access proprietary data. Chichester said that with companies hardening their defenses for cyber attacks, the hackers are turning to suppliers to get into corporate networks.