China’s MSS Targeted Major European MSP: Report

Security researchers have discovered another Chinese state-sponsored APT campaign, this time targeting a major European MSP with the likely intent of stealing IP from its customers. Recorded Future and Rapid7 claimed in a new co-authored report that the notorious APT10 group, linked to China’s fearsome Ministry of State Security (MSS), was responsible for the campaign, running between November 2017 and September 2018. It is said to have targeted Norwegian provider Visma, which has 850,000 customers around the globe, as well as a multi-national clothing giant and a US law firm with strong experience in IP law and clients in pharma, tech, automotive and other sectors. The initial entry point in all three cases was stolen Citrix/LogMeIn credentials, enabling remote network access. “The attackers then enumerated access and conducted privilege escalation on the victim networks, utilizing DLL sideloading techniques documented in a US-CERT alert on APT10 to deliver malware,” the report continued.