APT10

Threat Actor updated 23 days ago (2024-11-29T14:21:46.041Z)
APT10, also known as Menupass, is a sophisticated threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been associated with numerous cyber espionage campaigns targeting various sectors globally.

Recent analysis suggests a link between APT10 and other threat actors, Earth Tengshe and Earth Kasha, which are also suspected of having connections with China. The evidence for these connections includes similarities in the tactics, techniques and procedures (TTPs), tools and operator resources used by these groups. Several campaigns, such as the A41APT Campaign and the LODEINFO campaign, have been analyzed and found to overlap with APT10 operations. The A41APT Campaign, attributed to Earth Tengshe, and the LODEINFO campaign, linked to Earth Kasha, both show tactics and methods consistent with APT10's modus operandi. For instance, ANEL, a 32-bit HTTP-based backdoor observed since around 2017 and known as one of APT10's primary backdoors until around 2018, was noted in these recent campaigns; this reuse supports the connection between APT10 and the current activities of Earth Kasha.

Despite these correlations, APT10 and Earth Kasha are currently viewed as separate entities, albeit with potential links. Both groups have been observed using obfuscation techniques popular among China-nexus adversaries, including APT10 and Twisted Panda. While the direct relationship between APT10, Earth Tengshe, and Earth Kasha remains under investigation, their shared tactics, techniques, and resources suggest a possible common origin or collaboration.
Description last updated: 2024-11-28T11:49:45.900Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names and profiles that may also be relevant.
Alias / Description / Votes
POTASSIUM is a possible alias for APT10. Potassium, also known as APT10, CVNX, Stone Panda, MenuPass, and POTASSIUM, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated (Votes: 3)
menuPass is a possible alias for APT10. MenuPass, also known as APT10, Stone Panda, and ChessMaster, is a threat actor suspected to be sponsored by the Chinese government. This group has been active since at least 2006, primarily targeting sectors such as construction and engineering, aerospace, telecom firms, and governments in the Unite (Votes: 3)
Stone Panda is a possible alias for APT10. Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies (Votes: 2)
Cloud Hopper is a possible alias for APT10. Cloud Hopper is a threat actor, also known as APT10, that has been involved in significant cyber espionage activities. This group executed a campaign named Operation Cloud Hopper, where they targeted managed IT service providers with the intention of gaining unauthorized access to their clients' net (Votes: 2)
Bronze Riverside is a possible alias for APT10. BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ (Votes: 2)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Backdoor
State Sponso...
Malware
Loader
Chinese
Espionage
Domains
Associated Malware
Alias / Description / Association Type / Votes
The RedLeaves Malware is associated with APT10. RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s (Association type: Unspecified; Votes: 3)
The PlugX Malware is associated with APT10. PlugX is a Remote Access Trojan (RAT) malware known for its stealthy operations and destructive capabilities. It is often used by threat actors to exploit and damage computer systems, steal personal information, disrupt operations, or hold data hostage for ransom. Its deployment has been linked to s (Association type: Unspecified; Votes: 2)
Associated Threat Actors
Alias / Description / Association Type / Votes
The APT41 Threat Actor is associated with APT10. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi (Association type: Unspecified; Votes: 2)
The Earth Tengshe Threat Actor is associated with APT10. Earth Tengshe, also known as Bronze Riverside, is a threat actor believed to be associated with APT10, a notorious cyber espionage group. This entity has been involved in several malicious campaigns, including the "A41APT Campaign" and the "LODEINFO Campaign #1", suggesting a continuous pattern of a (Association type: Unspecified; Votes: 2)