It turned out that the cracker group 'APT 10' had invaded the network of a large enterprise, and the possibility that the criminal offense was a hand of Chinese information intelligence

by Nicolas Raymond

The worldwide cracking group " APT 10 " has intruded into the network of Visma , the leading software company in Norway, to steal sensitive information in order to obtain intellectual property and trade secret, the Internet security company Recorded Future I report it. According to the Recorded Future, this group of crackers is an organization related to information intelligence in China and is carrying out attacks that steal confidential information from companies and government organizations all over the world.

APT 10 Targeted Norwegian MSP and US Companies in Sustained Campaign
https://www.recordedfuture.com/apt10-cyberespionage-campaign/

China hacked Norway's Visma to steal client secrets: investigators | Reuters
https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141

The US Justice Department insists that "China has been hacking since December 2018 and is trying to steal intellectual property and trade secrets from companies around the world, We are prosecuting two crackers who are related officials in the safety department.

Among the indictment filed by this Justice Department, mention is made of the existence of the Chinese cracker group "APT 10". APT 10 is a group of crackers that has been active since at least 2009, invading the network of companies in various fields such as medical, defense, aerospace, government, heavy industry etc. using cloud services such as Dropbox and intellectual property He stole confidential information. APT 10 is cracking in 12 countries including France, Germany, Japan, Switzerland and the United Kingdom in addition to the United States, Recorded Future says, "At least 45 companies and service providers were damaged."

Reuters reports that Hewlett-Packard enterprise and IBM are also included among companies suffering from APT 10. In addition, IBM said that there was no evidence that corporate confidential data was stolen, and Hewlett-Packard enterprise also said that it can not comment on APT 10 attack.

The Chinese government-related hacker organization found a cyber attack on IBM and HP networks and also invaded PCs of client companies - GIGAZINE

Meanwhile, in September of 2018, one of Visma 's clients sensed unauthorized access to the network and asked Recorded Future for assistance in the investigation. Analysis of malware samples and network logs provided by Visma revealed that there was a trace of network intrusion already since August 2018. Visma is a software company that develops business mainly in Scandinavia and is one of the biggest companies representing Europe with sales of about 1 billion dollars (about 110 billion yen).

The APT 10 cracker seems to have logged into Visma's network, but this login time will overlap the active time zone in Tianjin, China. Among the materials included in the US Justice Department's indictment are evidence to support that APT 10 is an organization related to the national security department , China's intelligence agency, and the home of APT 10 is the branch It is considered to be the Tianjin National Security Bureau.

There is no public contact in China 's National Security Division, Reuters requested comment from Chinese Ministry of Foreign Affairs, but there was no reply, Chinese authorities repeatedly denied involvement in cracking.

Priscila Moriuchi, former Information Officer at the National Security Agency of the National Security Agency (NSA), responsible for strategic threats of Recorded Future said APT 10's activities in Visma's network intruded into client systems for commercial confidential information It is intended to do. "I believe that APT 10 has been able to exploit Visma's network and make attacks on Visma's customers, but as attacks were quickly caught, we should stop secondary damage, It is done. "