Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cyber security researchers said, in what a company executive described as a potentially catastrophic attack.
The attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cyber security firm Recorded Future.
China’s Ministry of State Security has no publicly available contacts. The foreign ministry did not respond to a request for comment, but Beijing has repeatedly denied any involvement in cyber-enabled spying.
Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients.
Cyber security firms and Western governments have warned about Cloudhopper several times since 2017 but have not disclosed the identities of the companies affected.
Reuters reported in December that Hewlett Packard Enterprise Co and IBM were two of the campaign’s victims, and Western officials caution in private that there are many more.
At the time IBM said it had no evidence sensitive corporate data had been compromised, and Hewlett Packard Enterprise said it could not comment on the Cloudhopper campaign.
Visma, which reported global revenues of $1.3 billion last year, provides business software products to more than 900,000 companies across Scandinavia and parts of Europe.
The company’s operations and security manager, Espen Johansen, said the attack was detected shortly after the hackers accessed Visma’s systems and he was confident no client networks were accessed.