RecordedFuture has released a report on the investigation of a cyberespionagecampaign conducted by a state-sponsored threat actor towards US andEuropean companies last year. The report commends Visma’s securitywork and transparency in the aftermath of the investigation andhighlights the importance of industry collaboration in preventingcybercrime, writes Visma.

The report is a summary of an investigation of a sustained cyberespionage campaign conducted by Chinese state-sponsored threat actor, APT10, targeting at least three companies in the United States and Europe uncovered by Recorded Future and Rapid7 between November 2017 and September 2018.

First warned

Visma was identified as one of the targeted companies and was first warned of the attack by their own intelligence systems. Visma correlated the intelligence from Rapid 7 against their internal alerts and mitigated the threat. They soon confirmed that none of their clients’ systems were affected.

«Wehave several teams of security professionals in Visma that useefficient systems and methods to protect our systems from beingbreached. Through the existing security programs, coordinatedresponse of our security teams and good advice from our partners, wewere able to prevent client data from being compromised,» saidEspen Johansen, Operations and Security Manager in Visma.

Chairman Gunnar Bjorkavåg in the Visma Group.

While mitigating the threat, Visma contacted Recorded Future to dig deeper into the incident, gather additional intelligence and ensure proper attribution.

The Visma Corporate Security Incident Response Team (Visma CSIRT) worked closely with their Product Security Operations Center (PSOC), NSM NorCERT, as well as the police throughout the process.

Conclusive evidence

In this case, no client data was compromised, and Visma chose not to issue a general alert before they had conclusive evidence on who performed the theft.

Visma has transparency as a carrying principle for their business and will publish data on nation-state and criminal attacks against them both now and in the future. Sharing information contributes to public awareness of these matters and can motivate other organisations to do the same.

Johansen is careful to specify the importance of collaborating with the police, and encourages other organisations who suspect being the victim of similar attacks to follow the same example:

«As a general rule, we always report cyber attacks to the police – it is our responsibility as a corporation and our responsibility towards our clients. We are very thankful for the guidance and advice from NSM NorCERT, Police ( PST ), and other cooperating parties in this case. We urge all organisations to explore the opportunities that are available in CERT cooperation.»

Five international private investors own Visma. Hg and co-investors own 48.9%, Cinven owns 17.1%, GIC owns 13,6%, Intermediate Capital Group owns 7.6% and Montagu owns 6.2 %. A broad management group holds approximately 6.6 % of the shareholder equity in Visma. In addition to the stability of the principal owners, key shareholders have co-investors comprised of large Nordic and international pension funds. Former CEO in Norwegian Journal of Shipping and Trade Gunnar Bjørkavåg is chairman in Visma Group

Bjørkavåg was the Group CEO of the NHST Media Group, the leading provider of business news in Norway. From February 1st, 2018, Bjørkavåg has been the digital director at Erik Must AS (the family office of the Must family).

Formore information, please contact:
EspenJohansen, Operation and Security Manager, Visma, mobile: +4748169570.  All photos are fromthe Visma Group.

Skriv en kommentar

Din e-postadresse vil ikke bli publisert. Obligatoriske felt er merket med *