APT10

Threat Actor Profile Updated 25 days ago
APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and, according to research published by IntrusionTruth in 2018, is suspected to be based in Tianjin, China. APT10 has primarily targeted the construction and engineering, aerospace, and telecommunications sectors, as well as governments, in the United States, Europe, and Japan. Its tools and techniques overlap with those of several other Chinese threat actors, suggesting a connection or shared resources.

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack against global telecommunications providers attributed to APT10. This multi-wave attack focused on obtaining data on specific, high-value targets and resulted in a complete takeover of the network. The Remote Access Trojan (RAT) used in these attacks, which gives its operator total control over a machine, has been associated with various Chinese threat actors, including APT10. In Operation Cloud Hopper, APT10 used Nbtscan to search for services of interest across IT estates and to footprint endpoints of interest.

APT10 has demonstrated significant capability and flexibility, and its activity has been conflated with other MSS-linked intrusion activity such as Mustang Panda, Witchetty, and MirrorFace. It has also been linked to campaigns against organizations in Japan, the Middle East, and Africa. New tools unique to APT10 have been identified in recent intrusions, showing the group's continuous development and adaptation. APT10, also tracked as Stone Panda and MenuPass, is reported to have developed Trochilus, another powerful tool in its arsenal.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
POTASSIUM | 3 | Potassium, also known as APT10, CVNX, Stone Panda, MenuPass, and POTASSIUM, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated
menuPass | 2 | MenuPass, also known as APT10 or Stone Panda, is a cyber espionage group that has been actively tracked by Mandiant since 2009. The group is suspected to be linked to the Chinese government and targets various sectors including construction and engineering, aerospace, and telecom firms, in addition
Stone Panda | 2 | Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies
Bronze Riverside | 2 | BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ
Cloud Hopper | 2 | Cloud Hopper is a threat actor, also known as APT10, that has been involved in significant cyber espionage activities. This group executed a campaign named Operation Cloud Hopper, where they targeted managed IT service providers with the intention of gaining unauthorized access to their clients' net
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Apt, Malware, Loader, State Sponso..., Chinese, Espionage, Backdoor
Associated Malware
ID | Type | Votes | Profile Description
RedLeaves | Unspecified | 3 | RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s
PlugX | Unspecified | 2 | PlugX is a notorious malware, often used by various threat groups in their cyberattacks. It has been linked to several high-profile activities, such as those of the Winnti group and the LockFile ransomware activity. This Remote Access Trojan (RAT) employs sophisticated techniques like DLL side-loadi
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the APT10 threat actor was read from the document corpus listed below. This display is limited to 20 results.
[Source, Created At] Title
[MITRE, a year ago] Two Chinese Hackers Associated With the Ministry of State Security
[MITRE, a year ago] APT10 MenuPass Group | Global Targeting Using New Tools
[MITRE, a year ago] APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
[MITRE, a year ago] Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
[BAE Systems, a year ago] APT10 - Operation Cloud Hopper
[MITRE, a year ago] Advanced Persistent Threats (APTs) | Threat Actors & Groups
[Trend Micro, a year ago] Invitation to a Secret Event: Uncovering Earth Yako's Campaigns
[MITRE, a year ago] APT10 Targets Japanese Corporations Using Updated TTPs
[MITRE, a year ago] Two Birds, One STONE PANDA
[CERT-EU, a year ago] 供應鏈安全 (Supply Chain Security)
[MITRE, a year ago] Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
[Secureworks, a year ago] BRONZE STARLIGHT Ransomware Operations Use HUI Loader
[CERT-EU, 8 months ago] My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
[CERT-EU, 9 months ago] Chinese hackers accused of targeting Southeast Asian gambling sector
[MITRE, a year ago] Researchers claim China trying to hack South Korea missile defense efforts
[MITRE, a year ago] TALONITE Threat Group | Dragos
[CERT-EU, a year ago] Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
[MITRE, a year ago] UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant
[MITRE, a year ago] IndigoZebra APT continues to attack Central Asia with evolving tools - Check Point Research
[MITRE, a year ago] menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations