Cicada, also known as APT10, Stone Panda, or Cloud Hopper, is a threat actor believed to be linked with the Chinese government. The group has been active since 2009, engaging in espionage operations against various organizations, particularly those associated with Japan. Cicada's activities involve sophisticated attack campaigns that indicate the backing of a large and well-resourced entity. Their operational tactics include the use of custom DLL loaders for decryption and execution of final payloads, such as QuasarRAT, an open-source backdoor previously used by the group.
In March 2023, Hackaday reported on a campaign by Cicada which, annoying as it was, was confirmed to be genuine. Symantec, a division of Broadcom, found substantial evidence linking this campaign to Cicada, further solidifying the group's reputation as a major cybersecurity threat. Notably, the group has also targeted Managed Service Providers (MSPs) in the past, demonstrating its broad range of targets and its strategic approach to cyber-espionage.
The similarities between Cicada's recent activities and those of previous campaigns, such as those described by Cylance in 2019, suggest a consistent modus operandi. This includes the use of techniques like DLL side-loading and living-off-the-land tools, emphasizing the necessity for comprehensive security solutions to detect and mitigate such threats. Despite countermeasures, Cicada remains highly dangerous due to its extensive resources, skills, and ability to execute wide-ranging and sophisticated attacks.
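The DLL side-loading technique mentioned above has a recognisable telemetry signature: a process maps a DLL whose file name matches a well-known Windows system library, but from a directory other than the Windows system directories, frequently the executable's own folder. The following script is an added detection example, not code from the original page or from Symantec; the field names (process path, loaded image path, signature status) are modelled on Sysmon image-load events but are an assumption about the log format, and the watched DLL names and sample events are constructed for illustration.

```python
"""Flag likely DLL side-loading from image-load telemetry (added example).

Heuristic: a DLL with a system-library name loaded from outside the Windows
system directories is a side-loading candidate; an unsigned copy sitting in
the same directory as the loading executable is the strongest signal.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Directories where genuine copies of system DLLs are expected (lower-cased).
SYSTEM_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Constructed watch list of system DLL names that loaders commonly impersonate.
# A real deployment would derive this from its own host baseline.
WATCHED_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll"}


@dataclass(frozen=True)
class ImageLoad:
    process: str        # full path of the process that performed the load
    image_loaded: str   # full path of the DLL that was mapped
    signed: bool        # whether the DLL carried a valid Authenticode signature


def is_system_dir(path: str) -> bool:
    """True if the path sits under one of the allow-listed system directories."""
    p = path.lower()
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def classify(ev: ImageLoad) -> Optional[str]:
    """Return a severity label for a suspicious load, or None when benign."""
    name = PureWindowsPath(ev.image_loaded).name.lower()
    if name not in WATCHED_DLLS or is_system_dir(ev.image_loaded):
        return None
    proc_dir = str(PureWindowsPath(ev.process).parent).lower()
    dll_dir = str(PureWindowsPath(ev.image_loaded).parent).lower()
    if proc_dir == dll_dir and not ev.signed:
        return "high: unsigned system-named DLL loaded from the executable's own directory"
    if not ev.signed:
        return "medium: unsigned system-named DLL loaded outside system directories"
    return "low: signed system-named DLL loaded outside system directories"


def scan(events: List[ImageLoad]) -> List[Tuple[str, str, str]]:
    """Run the heuristic over a batch of events and return (process, dll, label)."""
    return [(ev.process, ev.image_loaded, label)
            for ev in events
            if (label := classify(ev)) is not None]


# Constructed sample telemetry: one benign system load, one textbook side-load,
# one signed vendor copy outside the system directories, one benign load by an
# odd-looking process (the DLL itself comes from System32, so it is not flagged).
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\version.dll", True),
    ImageLoad(r"C:\ProgramData\Update\signed_host.exe", r"C:\ProgramData\Update\version.dll", False),
    ImageLoad(r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\dbghelp.dll", True),
    ImageLoad(r"C:\Users\u\AppData\Local\Temp\tool.exe", r"C:\Windows\System32\userenv.dll", True),
]

if __name__ == "__main__":
    for proc, dll, label in scan(SAMPLE_EVENTS):
        print(f"{label}: {proc} -> {dll}")
```

The "low" tier exists because legitimate software does ship private, signed copies of redistributable DLLs; the heuristic only becomes a confident alert when the copy is unsigned and co-located with the loader, which is the pattern that custom loaders used to decrypt and launch a payload rely on. Tuning the watch list to what the fleet actually loads from System32 is what keeps the false-positive rate acceptable.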