APT10

Threat Actor updated 13 hours ago (2024-11-21T10:31:02.931Z)
APT10, also known as menuPass, is a sophisticated threat actor believed to be operating on behalf of the Chinese Ministry of State Security (MSS). It has been active since at least 2006 and has been linked to numerous cyber espionage campaigns. The group utilizes advanced techniques and tools that are consistent with several Chinese threat actors, indicating a possible connection or shared resources among them. APT10's activities reflect a shifting target base, suggesting that their operations are driven by the interests of the sponsoring nation state.

Recent analysis has pointed out interesting overlaps between APT10 and other campaigns such as Earth Tengshe's A41APT Campaign and Earth Kasha's LODEINFO campaign. Both these groups are suspected to be associated with APT10, indicating potential relationships in Tactics, Techniques, and Procedures (TTPs) or shared operator resources. Notably, Earth Kasha has applied obfuscation techniques popular among China-nexus adversaries, including APT10, further strengthening the correlation. However, despite these correlations, APT10 and Earth Kasha are currently viewed as separate entities.

As a state-sponsored cyber espionage group, APT10's activities are dynamic and constantly evolving based on the directives of its sponsors. This highlights the complexity and adaptability of the threat landscape, underscoring the need for continuous vigilance and robust cybersecurity measures.
Description last updated: 2024-11-21T10:29:06.906Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| POTASSIUM is a possible alias for APT10. Potassium, also known as APT10, CVNX, Stone Panda, MenuPass, and POTASSIUM, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated | 3 |
| menuPass is a possible alias for APT10. MenuPass, also known as APT10, Stone Panda, and ChessMaster, is a threat actor suspected to be sponsored by the Chinese government. This group has been active since at least 2006, primarily targeting sectors such as construction and engineering, aerospace, telecom firms, and governments in the Unite | 3 |
| Stone Panda is a possible alias for APT10. Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies | 2 |
| Bronze Riverside is a possible alias for APT10. BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ | 2 |
| Cloud Hopper is a possible alias for APT10. Cloud Hopper is a threat actor, also known as APT10, that has been involved in significant cyber espionage activities. This group executed a campaign named Operation Cloud Hopper, where they targeted managed IT service providers with the intention of gaining unauthorized access to their clients' net | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
State Sponso...
Loader
Chinese
Espionage
Backdoor
Domains
Malware
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The RedLeaves Malware is associated with APT10. RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s | Unspecified | 3 |
| The PlugX Malware is associated with APT10. PlugX is a Remote Access Trojan (RAT) malware known for its stealthy operations and destructive capabilities. It is often used by threat actors to exploit and damage computer systems, steal personal information, disrupt operations, or hold data hostage for ransom. Its deployment has been linked to s | Unspecified | 2 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Earth Tengshe Threat Actor is associated with APT10. Earth Tengshe, also known as Bronze Riverside, is a threat actor believed to be associated with APT10, a notorious cyber espionage group. This entity has been involved in several malicious campaigns, including the "A41APT Campaign" and the "LODEINFO Campaign #1", suggesting a continuous pattern of a | Unspecified | 2 |
Source Document References
Information about the APT10 Threat Actor was read from the documents corpus below.
| Source | Created At |
| --- | --- |
| Trend Micro | 15 hours ago |
| Checkpoint | 2 months ago |
| Trend Micro | 5 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Securityaffairs | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| MITRE | 2 years ago |
| MITRE | 2 years ago |