APT10

Threat Actor updated 4 months ago (2024-05-04T18:47:39.946Z)
APT10, also known as menuPass, Stone Panda and POTASSIUM, is a threat actor assessed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since at least 2009 and, according to research published by Intrusion Truth in 2018, is suspected to be based in Tianjin, China. Its primary targets have been construction and engineering, aerospace and telecommunications firms, and governments in the United States, Europe and Japan. Its tooling and tradecraft overlap with those of several other Chinese threat actors, which suggests shared resources or a common supplier rather than a single isolated team.

Operation Soft Cell: in 2018 the Cybereason Nocturnus team identified an advanced, persistent intrusion into global telecommunications providers that it attributed to APT10. The attack came in multiple waves, focused on obtaining data about specific, high-value individuals, and ended in complete takeover of the victims' networks. The remote access trojan (RAT) deployed in these attacks has been associated with several Chinese threat actors, APT10 among them, and gives the operator total control over a compromised machine.

Operation Cloud Hopper: in this campaign against managed IT service providers, APT10 used Nbtscan to search for services of interest across the victims' IT estates and to footprint endpoints worth pursuing, a low-noise discovery step that precedes lateral movement.

APT10 has demonstrated significant capability and flexibility, and its activity has at times been conflated with other MSS-linked intrusion clusters such as Mustang Panda, Witchetty and MirrorFace, which complicates attribution of individual campaigns. It has also been linked to campaigns against organizations in Japan, the Middle East and Africa. Tools unique to APT10 have been identified in recent intrusions, showing that the group continues to develop and adapt its arsenal. APT10 is also reported to have developed Trochilus, a RAT that forms another part of that arsenal.
Description last updated: 2024-05-04T16:56:13.884Z
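The Nbtscan footprinting mentioned in the Cloud Hopper paragraph leaves a distinctive network trace: one host sending unicast NetBIOS name-service queries (UDP/137) to many addresses in a short time, whereas ordinary Windows name resolution is broadcast. The detection below is an added example written for this page, not tooling from any vendor report or from APT10 itself. The Zeek conn.log-like TSV layout (ts, orig_h, orig_p, resp_h, resp_p, proto), the hosts, the threshold and the time window are constructed assumptions.

```python
"""Detect nbtscan-style NetBIOS name-service sweeps in connection logs.

Added example for this page, not tooling from any vendor report. Log layout
(Zeek conn.log-like TSV: ts, orig_h, orig_p, resp_h, resp_p, proto), hosts,
threshold and window are constructed assumptions.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Conn:
    ts: float
    orig_h: str
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_line(line: str) -> Optional[Conn]:
    """Parse one TSV record; malformed lines return None rather than raising."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 6:
        return None
    ts, orig_h, _orig_p, resp_h, resp_p, proto = fields
    try:
        return Conn(float(ts), orig_h, resp_h, int(resp_p), proto.lower())
    except ValueError:
        return None


def build_sample_log() -> list[str]:
    """Constructed traffic: one sweeper plus one host doing ordinary name resolution."""
    lines = []
    # Sweeper: 30 unicast UDP/137 probes to distinct hosts within 0.3 s
    for i in range(1, 31):
        lines.append(f"{1700000000 + i * 0.01:.2f}\t10.0.5.23\t51512\t10.0.5.{i}\t137\tudp")
    # Ordinary Windows name resolution: broadcast queries plus one unicast to a server
    lines.append("1700000003.00\t10.0.7.9\t137\t10.0.7.255\t137\tudp")
    lines.append("1700000003.50\t10.0.7.9\t137\t10.0.7.255\t137\tudp")
    lines.append("1700000004.00\t10.0.7.9\t137\t10.0.7.10\t137\tudp")
    # Follow-on SMB from the sweeper; not counted here but the natural next pivot
    lines.append("1700000005.00\t10.0.5.23\t49200\t10.0.5.7\t445\ttcp")
    lines.append("garbage line that should be skipped")
    return lines


def detect_nbns_sweeps(lines, threshold: int = 20, window: float = 60.0) -> dict[str, int]:
    """Map each sweeping source to the largest number of distinct unicast UDP/137
    targets it probed inside any `window`-second span; sources below `threshold`
    are omitted. Broadcast targets (last octet 255, a /24 simplification) are
    ignored because normal NBNS resolution is broadcast while a sweep is unicast."""
    per_src: dict[str, list[tuple[float, str]]] = defaultdict(list)
    for line in lines:
        c = parse_conn_line(line)
        if c is None or c.proto != "udp" or c.resp_p != 137:
            continue
        if c.resp_h.endswith(".255"):
            continue
        per_src[c.orig_h].append((c.ts, c.resp_h))

    alerts: dict[str, int] = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits inside `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({h for _, h in events[start:end + 1]})
            if distinct >= threshold:
                alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, n in detect_nbns_sweeps(build_sample_log()).items():
        print(f"NBNS sweep: {src} probed {n} distinct hosts on UDP/137")
```

The threshold should be tuned against a baseline of legitimate management hosts (monitoring systems and asset-inventory scanners also query UDP/137 widely); the broadcast filter keeps routine Windows name resolution from counting toward it.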
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so here are some possibly overlapping names / profiles you may also want to look at. The number in parentheses is the vote count recorded for each overlap.

POTASSIUM (3 votes): Potassium, also known as APT10, CVNX, Stone Panda and MenuPass, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated

menuPass (3 votes): MenuPass, also known as APT10 and Stone Panda, is a threat actor suspected to be linked to the Chinese government. Trend Micro profiles menuPass alongside ALPHV/BlackCat, but that is a separate ransomware operation, not an alias of this group. This cyber espionage group has been active since at least 2009, according to Mandiant, and has targeted a wide range of sectors including construction, engineering, aer

Stone Panda (2 votes): Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, a remote access tool, and is believed to be behind recent espionage efforts against US companies

Cloud Hopper (2 votes): Cloud Hopper is a name sometimes applied to APT10 itself; it derives from Operation Cloud Hopper, the cyber espionage campaign in which the group targeted managed IT service providers with the intention of gaining unauthorized access to their clients' net

Bronze Riverside (2 votes): BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance (tags as recorded):
Apt, State Sponso..., Malware, Loader, Chinese, Espionage, Backdoor, Domains
Associated Malware
Each entry lists the malware name, the association type recorded for it, and the vote count.

RedLeaves (type unspecified, 3 votes): RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s

PlugX (type unspecified, 2 votes): PlugX is a long-running remote access trojan used by multiple Chinese threat actors, including the Winnti group. It is commonly deployed through DLL side-loading: a legitimate, usually signed, executable is made to load a malicious DLL carrying the name it expects from its own directory instead of the genuine library, so the implant runs under a trusted process image. This technique allows it to infiltrate systems without raising alarms, making it an
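Because side-loading runs the implant inside a trusted, signed process, process-name and hash allow-lists do not catch it; the observable is the image-load event itself. The check below is an added example written for this page, not code from any vendor or from PlugX analysis. The simplified Sysmon Event ID 7 (ImageLoad) key=value layout, the sample paths and the watchlist of DLL names are constructed assumptions; a real deployment would build the watchlist from its own known-good image-load baseline.

```python
"""Flag DLL side-loading candidates in Sysmon-style image-load events.

Side-loading abuses the Windows DLL search order: a legitimate, signed executable
copied to a writable directory loads a same-named DLL from its own directory
instead of the real one in System32. Added example written for this page; the
event layout, DLL watchlist and paths are constructed assumptions.
"""
from __future__ import annotations
import ntpath

# Constructed watchlist: DLL names an analyst expects to be resolved from System32.
WATCHED_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll", "msimg32.dll"}

# Directories from which a watched DLL may legitimately be loaded (lower-case, normalized).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed sample events in a simplified Sysmon Event ID 7 (ImageLoad) key=value form.
SAMPLE_EVENTS = [
    # Side-load: signed vendor EXE in a user-writable dir loads an unsigned version.dll beside it
    "Image=C:\\Users\\Public\\Update\\Updater.exe|ImageLoaded=C:\\Users\\Public\\Update\\version.dll|Signed=false|SignatureStatus=Unavailable",
    # Legitimate: the same EXE loads the real version.dll from System32
    "Image=C:\\Users\\Public\\Update\\Updater.exe|ImageLoaded=C:\\Windows\\System32\\version.dll|Signed=true|SignatureStatus=Valid",
    # Legitimate: a vendor ships its own signed helper DLL that is not on the watchlist
    "Image=C:\\Program Files\\Vendor\\App.exe|ImageLoaded=C:\\Program Files\\Vendor\\vendorhelper.dll|Signed=true|SignatureStatus=Valid",
    # Watched name, unsigned, but not beside the EXE: lower confidence than a side-load
    "Image=C:\\Program Files\\Vendor\\App.exe|ImageLoaded=C:\\Temp\\dbghelp.dll|Signed=false|SignatureStatus=Unavailable",
]


def parse_event(line: str) -> dict[str, str]:
    """Parse 'Key=Value|Key=Value' into a dict; values may contain '=' but not '|'."""
    return dict(part.split("=", 1) for part in line.split("|") if "=" in part)


def _normalize(path: str) -> str:
    # ntpath handles Windows separators regardless of the analysis host's OS
    return ntpath.normpath(path).lower()


def is_trusted_dir(directory: str) -> bool:
    d = _normalize(directory)
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def classify_image_load(event: dict[str, str]) -> str:
    """Return 'sideload', 'suspicious' or 'benign' for one image-load event.

    sideload:   watched DLL name, loaded from the process's own directory (not a
                trusted system directory) and not carrying a valid signature.
    suspicious: watched DLL name from an untrusted directory, but either not
                beside the EXE or still validly signed.
    """
    loaded = event.get("ImageLoaded", "")
    name = ntpath.basename(loaded).lower()
    if name not in WATCHED_DLL_NAMES:
        return "benign"
    loaded_dir = ntpath.dirname(_normalize(loaded))
    if is_trusted_dir(loaded_dir):
        return "benign"
    beside_exe = loaded_dir == ntpath.dirname(_normalize(event.get("Image", "")))
    validly_signed = (event.get("Signed", "").lower() == "true"
                      and event.get("SignatureStatus") == "Valid")
    if beside_exe and not validly_signed:
        return "sideload"
    return "suspicious"


def scan(lines: list[str]) -> dict[str, list[str]]:
    """Group loaded-DLL paths by verdict."""
    out: dict[str, list[str]] = {"sideload": [], "suspicious": [], "benign": []}
    for line in lines:
        ev = parse_event(line)
        out[classify_image_load(ev)].append(ev.get("ImageLoaded", ""))
    return out


if __name__ == "__main__":
    for verdict, paths in scan(SAMPLE_EVENTS).items():
        for p in paths:
            print(f"{verdict:10s} {p}")
```

The "beside the executable" condition is what separates classic side-loading from the broader class of untrusted DLL loads; a signed DLL that legitimately ships with an application will not be on a watchlist built from system DLL names, so tuning consists mostly of maintaining that list.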
Source Document References
Information about the APT10 Threat Actor was read from the documents below (source, age at time of capture, title).
Trend Micro, 2 months ago: Attackers in Profile: menuPass and ALPHV/BlackCat
CERT-EU, 6 months ago: Surge in ransomware, leaks and info stealers targeting Middle East and Africa – Intelligent CIO Middle East (via National Cyber Security Consulting)
CERT-EU, a year ago: Techrights — Slanderous Media Campaigns Trying to Link Linux to 'Backdoors'
CERT-EU, a year ago: My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU, a year ago: Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor - Slashdot
CERT-EU, a year ago: Chinese hackers have unleashed a never-before-seen Linux backdoor – Ars Technica (via National Cyber Security Consulting)
CERT-EU, a year ago: Chinese hackers accused of targeting Southeast Asian gambling sector
Securityaffairs, a year ago: Bronze Starlight targets the Southeast Asian gambling sector - Security Affairs
CERT-EU, a year ago: Cloud Providers Becoming Key Players in Ransomware, Halcyon Warns
CERT-EU, a year ago: Russia, Serbia targeted by Space Pirates threat group
CERT-EU, a year ago: Cloudzy delivers cloud services to multiple APT groups, researchers say
CERT-EU, a year ago: Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
CERT-EU, a year ago: Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Visma
CERT-EU, a year ago: Japan in the Crosshairs of Many State-Sponsored Threat Actors New Report Finds
CERT-EU, a year ago: Intellectual Property Security: Defending Valuable Business Assets - Security Boulevard
MITRE, 2 years ago: Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
MITRE, 2 years ago: menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
MITRE, 2 years ago: Two Chinese Hackers Associated With the Ministry of State Security
MITRE, 2 years ago: APT10 MenuPass Group | Global Targeting Using New Tools