It has been reported that a Chinese nation-state hacking group known as APT10 has hacked and stolen data from Visma, a Norwegian company that provides cloud-based business software solutions for European companies. The intrusion into Visma’s network took place on August 17, 2018, according to a joint report published today by US cyber-security firms Rapid7 and Recorded Future.
https://twitter.com/browninfosecguy/status/1094377163006963714
Sam Curry, Chief Security Officer at Cybereason:
“This is most significant when looking at Chinese actor APT 10’s targeting of US and European companies, through no fault of theirs, and specifically how Visma appears to have behaved. It’s worth lauding this and acknowledging their behaviour as reported. Before everything else, they appear to have found APT 10’s advanced operations (detailed in this US-CERT alert) and known what to do: calling and pulling in others like Recorded Future appropriately. Very few start out this way, but then, they leaned in and worked on this the right way. They have also reported no lost data in spite of infrastructure compromise, but the message here is understanding risk, implications, constituents and acting transparently and responsibly. Inferring from this, chaos must have reigned and been tamed with communications, management and good old-fashioned leadership.
Going forward, others should look here and ask for lessons learned. These sorts of successes should be highlighted and learned from within Visma, but also in the wider industry. While most cyber conflict will pillory the losers, when we have heroes who have won or survived with dignity, we should not ignore it and should slow down to acknowledge it and look deeper.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.