Threat Watch

Chinese Hackers Tied to Breach at Visma

China (APT-10): China’s APT-10 has been tied to a recent breach at Visma, a Norwegian cloud-based software solutions company.  The intrusion took place last August, when APT-10 compromised Visma’s systems using stolen user credentials for a Citrix remote-access client used by remote Visma employees to access the company’s internal network.  Once inside Visma’s network, the attackers deployed the Trochilus RAT and the Uppercut backdoor.  Visma believes that it caught the intrusion early enough that APT-10 was not able to cause any damage, and does not believe that the attackers have been able to abuse any of the stolen data yet.  Visma has said that there are no indications that APT-10 was able to gain a foothold in any client networks, but the investigation is still ongoing.

ANALYST NOTES