Stone Panda

Threat Actor updated 5 months ago (2024-05-04T18:19:05.053Z)

Download STIX

Preview STIX

Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. The group's extensive targeting of various sectors, notably Japanese defense firms, has raised concerns within the cybersecurity community. There are significant intelligence gaps that prevent Falcon Intelligence from confidently assessing Stone Panda's potential connections to the MSS Tianjin Bureau, an entity of the Chinese government. Despite the group's extensive activities against Japanese defense firms following a certain time period, there is no conclusive evidence that firmly links the firm to Stone Panda. This lack of definitive information adds complexity to understanding the full scope of Stone Panda's operations and affiliations. The exposure of Stone Panda as an MSS contractor could significantly impact China’s current cyber operations due to the group's prolific activities across different sectors. Such a revelation may trigger additional U.S. investigations, potentially straining Sino-U.S. relations during an ongoing trade war. Given the limited public information about the APT campaign called MenuPass, further research and investigation are needed to fully understand Stone Panda's capabilities, intentions, and connections.

Description last updated: 2024-05-04T17:43:51.416Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
menuPass is a possible alias for Stone Panda. MenuPass, also known as APT10, Stone Panda, and ChessMaster, is a threat actor suspected to be sponsored by the Chinese government. This group has been active since at least 2006, primarily targeting sectors such as construction and engineering, aerospace, telecom firms, and governments in the Unite	2
APT10 is a possible alias for Stone Panda. APT10, also known as Menupass Team or menuPass, is a Chinese cyber espionage group that has been active since at least 2006. The group is believed to operate on behalf of the Chinese Ministry of State Security (MSS). It primarily targets sectors such as construction and engineering, aerospace, telec	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Stone Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Techrights — Slanderous Media Campaigns Trying to Link Linux to 'Backdoors'
CERT-EU	a year ago	Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor - Slashdot
CERT-EU	a year ago	Chinese hackers have unleashed a never-before-seen Linux backdoor – Ars Technica \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
MITRE	2 years ago	Two Birds, One STONE PANDA
MITRE	2 years ago	menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
MITRE	2 years ago	Researchers claim China trying to hack South Korea missile defense efforts