Norwegian cybersecurity firm Visma is accusing a Chinese state-sponsored attack group (APT10) of attacking its systems and engaging in cyberespionage.
Visma, in partnership with fellow security firms Recorded Future and Rapid7, investigated a cyberespionage campaign that targeted organisations in the United States and Europe between November 2017 and September 2018.
The targeted companies included Visma itself, a US law firm and an international apparel company. Visma’s own intelligence systems warned the company that it was about to be attacked.
“The attackers gained access to networks through deployments of Citrix and LogMeIn remote-access software using stolen valid user credentials,” Recorded Future explains.
“The attackers then enumerated access and conducted privilege escalation on the victim networks, utilizing DLL sideloading techniques documented in a US-CERT alert on APT10 to deliver Trochilus malware.”
While the firm mitigated the threat and no systems were affected in the attack, the company says that in the