China Accused In Norwegian Software Company Hack

The breach of corporate software maker Visma comes as Huawei faces increased pressure in the UK and elsewhere

Hackers operating on behalf of China’s intelligence agency breached the systems of a Norwegian software firm seeking sensitive business information from its clients, researchers have said.

The disclosure came as Chinese telecoms equipment maker Huawei faces increasing pressure in the UK, Germany, Poland and elsewhere over concerns it could be involved in espionage.

Security firm Recorded Future outlined the attack on software firm Visma at an event in London, saying it was part of a broader hacking campaign by China’s government.

The campaign, known as Cloudhopper, is aimed at stealing intellectual property and corporate secrets from Western companies via the technology service and software firms they use, Recorded Future said.

Cyber-espionage

China has repeatedly denied involvement in cyber-espionage.

Western governments and researchers have warned of Cloudhopper for the past two years, but have not previously disclosed the specific companies that were targeted, although reports have named HP and IBM as having been hit by Cloudhopper attacks.

IBM has said it had no evidence sensitive data was compromised, and Visma, which had $1.3 billion (£1bn) in revenues last year, said likewise that it believes the attack was detected before any data was lost.

Visma operations and security manager Espen Johansen said, however, that the incident could have been “catastrophic” and that some of the firm’s clients were “very interesting for nation states”.

National Cyber Security Centre director for operations Paul Chichester said the attack illustrates the danger posed to companies by hacks involving their supply chains.

Because firms are improving their own security, attackers are targeting supply chains in order to “try to find other ways in”, Chichester said.

The attackers, who first penetrated Visma’s network using stolen login credentials, were part of a hacking group known as APT 10.

In December the US Department of Justice charged two alleged members of that group  with hacking US government agencies and dozens of businesses on behalf of China’s Ministry of State Security.

Max Vetter, chief cyber officer of Immersive Labs, said software companies such as Visma are being targeted as part of a “Trojan horse” approach to infiltrating corporate targets.

“They are a ripe target because, whilst being relatively low-profile, often the products they build make up the infrastructure for much bigger end-users,” Vetter said. “If hackers can find a backdoor in the platforms used by numerous businesses, it can be used time and again.”

Huawei’s UK security shift

Meanwhile, Huawei has told British lawmakers that a $2bn effort to address security issues in the UK could take three to five years to produce results.

Ryan Ding, president of the company’s carrier business group, said in a letter to MPs last week that the changes constituted a “complicated and involved process”, Reuters reported.

“Enhancing our software engineering capabilities is like replacing components on a high-speed train in motion,” Ding wrote in the letter to Parliament’s science and technology committee.  “It is a complicated and involved process, and will take at least three to five years to see tangible results. We hope the UK government can understand this.”

Ding said in the letter that Huawei would never use its equipment to assist in espionage activities because to do so would “destroy” its business.

“Huawei is a closely watched company,” he wrote. “Were Huawei ever to engage in malicious behavior, it would not go unnoticed – and it would certainly destroy our business.”

A company spokesperson said separately that the firm could not comment on the letter, but that it was continuing to work “closely” with UK authorities.

Pressure in Europe

In Germany, ministers on Wednesday discussed how to safeguard the construction of its next-generation mobile networks, with chancellor Angele Merkel’s saying that firms such as Huawei should be made to meet tough security standards, rather than banned outright from building future infrastructure.

The Federation of German Industry (BDI) has said that a ban on Chinese firms such as Huawei and ZTE would affect costs and could attract Chinese limitations on German companies in response.

A plan of action may be announced by the government next week.

In Poland, where a Huawei employee was recently arrested on spying charges, the firm said on Wednesday it was prepared to build a cyber-security centre in the country in order to provide a “trusted solution” for the country.

Last week, Huawei was excluded from a tender to build a Czech tax portal, following an earlier warning by the country’s cyber-security agency that the firm could pose a national security threat.

Such actions come amidst mounting pressure by the US for its allies to ban Huawei and other Chinese companies from next-generation networks. China and the US are engaged in an increasingly bitter trade dispute that has led to profit warnings from US technology firms including Apple, Intel and Nvidia.

The US Justice Department has also charged Huawei with conspiring to violate US sanctions on Iran and with stealing technology from T-Mobile US.