menuPass

Threat Actor updated 2 months ago (2024-06-28T16:17:35.131Z)
MenuPass, also known as APT10, Stone Panda, and ALPHV BlackCat, is a threat actor suspected to be linked to the Chinese government. This cyber espionage group has been active since at least 2009, according to Mandiant, and has targeted a wide range of sectors including construction, engineering, aerospace, telecom firms, and governments across the United States, Europe, and Japan. The group's tactics include spear phishing, with careful social engineering to make its lures appear legitimate. MenuPass has shown persistence in its attempts to compromise targets, repeatedly targeting the same organizations and individuals, particularly in Japan, since 2014.

The group is known for developing the Trochilus malware, as identified by researchers from NHS Digital in the UK. It has also used other tools in its campaigns, such as PIVY and the ChChes malware family. The PIVY samples were found to use passwords such as "menuPass" and "keaidestone", further linking these attacks to the group. The ChChes malware shares an import hash with other tools used by MenuPass, providing additional evidence of the group's involvement.

MenuPass continues to pose a significant threat due to its ongoing advanced persistent threat (APT) campaign, broad target range, and likely continued focus on Japan. Its persistent efforts and evolving techniques underscore the importance of robust cybersecurity measures and vigilance in detecting and mitigating such threats. Furthermore, the group's activities highlight the increasing sophistication and potential state sponsorship of cyber-espionage activities, necessitating a coordinated international response to address this challenge.
Description last updated: 2024-06-28T16:16:03.349Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| APT10 | 3 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| Stone Panda | 2 | Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Mitre
Source Document References
Information about the menuPass Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| Trend Micro | 2 months ago | Attackers in Profile: menuPass and ALPHV/BlackCat |
| CrowdStrike | 2 months ago | CrowdStrike Sets New Benchmark with Fastest Threat Detection |
| CERT-EU | a year ago | Techrights — Slanderous Media Campaigns Trying to Link Linux to 'Backdoors' |
| CERT-EU | a year ago | Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor - Slashdot |
| CERT-EU | a year ago | Chinese hackers have unleashed a never-before-seen Linux backdoor – Ars Technica \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| MITRE | 2 years ago | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations |
| MITRE | 2 years ago | Advanced Persistent Threats (APTs) \| Threat Actors & Groups |