Visma in the Crosshairs: A Tale of Cyber Espionage
The Norwegian software champ Visma found itself on the front lines of a cyber‑whirlwind when a team of hackers—tied to China’s Ministry of State Security—snuck into its network to pilfer secrets from its clients.
What’s the Backstory?
Back in December, Western powers highlighted a global hacking spree dubbed Cloudhopper. The operation, allegedly hijacked by China’s APT 10 group, targets tech service and software vendors who act as a bridge to customer data. Visma’s decision to go public was a deliberate move to shine a spotlight on this scheme and warn the wider industry.
Who’s Got Their Eyes on This?
- Hewlett Packard Enterprise – a rumored casualty in the campaign.
- IBM – also flagged as a victim, though the company later said no sensitive data had slipped out.
- Other unnamed firms that fall under the “cloudhopper” umbrella.
Visma, whose revenues ticked up to a whopping $1.3 B last year, supplies software to more than 900,000 companies across Scandinavia and parts of Europe.
The Attack Unfolds
Inside Visma’s digital fortress, the attackers hopped in using stolen credentials. Luckily, their presence was flagged almost immediately—thanks to the sharp vigilance of operations and security manager Espen Johansen. According to him, “while it could have been cataclysmic if we’d missed it, we were lucky enough to clean up before our clients got caught in the cross‑fire.”
Why It Matters
Britain’s National Cyber Security Centre director for operations, Paul Chichester, notes that the era of cyber attacks has shifted gears: organisations are tightening their own doors, while adversaries get more hungry for supply‑chain infiltration.
What Recorded Future Adds
Priscilla Moriuchi, a former NSA intelligence officer now at Recorded Future, highlights that the infiltrators likely aimed to dig into client systems for commercially valuable intel—rather than just stealing Visma’s own intellectual property.
- APT 10 used Visma as a staging ground.
- Early detection stopped the secondary hit.
- They’re part of a bigger picture of state‑sponsored cyber‑spying.
Bottom Line
Visma’s experience—though unlucky—has served as a stark reminder that even the most resilient providers can be targeted if they’re the connective tissue between big names and their clientele. In the world of cyber warfare, staying a step ahead might often mean donning a “paranoia hat.”
As the story unfolds, one thing’s clear: the “cloudhopper” campaign is still flying high, and the fight for digital safety is far from over.
