top of page

Threat Actor Profile - APT10



Threat Actor: APT10; AKA "Stone Panda", "Red Apollo", and "MenuPass"


Date of Activity: ~2009-Present


Overview: APT10 (also known as Stone Panda, Red Apollo, and MenuPass) is a state-sponsored Chinese hacking group that has been active since at least 2009. The group is known for conducting targeted attacks against a wide range of industries, including technology, telecommunications, aerospace, and government organizations.


One of the most notable APT10 campaigns was the Operation Cloud Hopper, in which the group targeted managed service providers (MSPs) in order to gain access to their clients' networks. This allowed the hackers to steal a large amount of sensitive data from a wide range of organizations, including some major global corporations.


In 2018, the US Department of Justice indicted two individuals believed to be members of APT10, alleging that they were responsible for conducting cyber attacks against US companies on behalf of the Chinese government. This marked the first time that the US has publicly accused the Chinese government of sponsoring hacking campaigns.


APT10 is known for using a range of tactics to gain access to their targets' networks, including spearphishing and supply chain attacks. The group is also known for using custom malware, such as the PlugX RAT and the Quarian malware, to infiltrate and maintain access to their targets' systems.


As of 2019 it is assessed that APT10 is the Chinese Ministry of State Security (MSS) and the group specifically targets ‘competitor’ technology and IT organizations in Japan, South Korea, India, and the Philippines.


TTPs:

  • Nation-state tool set; to include exploits, implants, and RATs

  • Sophisticated Social engineering

  • Supply-chain interdiction and attacks

  • Implementing encrypted communications and co-opted infrastructure

  • Long term access to networks with deep access

  • Highly customizable toolkit tailored for specific operations


bottom of page