Stone Panda

Threat Actor Profile Updated 3 months ago
Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. The group's extensive targeting of various sectors, notably Japanese defense firms, has raised concerns within the cybersecurity community.

There are significant intelligence gaps that prevent Falcon Intelligence from confidently assessing Stone Panda's potential connections to the MSS Tianjin Bureau, an entity of the Chinese government. Despite the group's extensive activities against Japanese defense firms following a certain time period, there is no conclusive evidence that firmly links the firm to Stone Panda. This lack of definitive information adds complexity to understanding the full scope of Stone Panda's operations and affiliations.

The exposure of Stone Panda as an MSS contractor could significantly impact China’s current cyber operations due to the group's prolific activities across different sectors. Such a revelation may trigger additional U.S. investigations, potentially straining Sino-U.S. relations during an ongoing trade war. Given the limited public information about the APT campaign called MenuPass, further research and investigation are needed to fully understand Stone Panda's capabilities, intentions, and connections.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
menuPass | 2 | MenuPass, also known as APT10, Stone Panda, and ALPHV BlackCat, is a threat actor suspected to be linked to the Chinese government. This cyber espionage group has been active since at least 2009, according to Mandiant, and has targeted a wide range of sectors including construction, engineering, aer
APT10 | 2 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Stone Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | Techrights — Slanderous Media Campaigns Trying to Link Linux to 'Backdoors'
CERT-EU | 10 months ago | Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor - Slashdot
CERT-EU | 10 months ago | Chinese hackers have unleashed a never-before-seen Linux backdoor – Ars Technica | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
MITRE | a year ago | Two Birds, One STONE PANDA
MITRE | a year ago | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
MITRE | a year ago | Researchers claim China trying to hack South Korea missile defense efforts