An established hacking association has been stealing secrets from organizations based in at least 12 countries from a wide array of industries. The group operates in linkage with China’s intelligence and security agency and has been practicing this for over a decade now.
Functioning since 2006, the group is known in the infosec sphere by the names APT10, CVNX, Red Apollo, Cloud Hopper, Stone Panda, MenuPass, and Potassium.
The malicious acts performed by the group involve compromising companies which supply clients with IT infrastructure such as storage and networking, along with intangible services such as support and consultation.
APT10 operated with the intent of stealthily exfiltrating confidential business and intellectual property data held by MSP customers in various countries, including India, the U.S., the UK, the UAE, Switzerland, Japan, Canada, Brazil, France, Sweden, and Finland.
After examining the hacking campaigns led by the Chinese adversary, security researchers concluded that the group targets industries from a wide array of sectors.
The list of affected industry sectors includes telecommunications, financial institutions, commercial manufacturing, automotive supplier companies, consulting organizations, biotechnology, mining, and drilling.
Reportedly, over 45 entities have fallen prey to the malicious activities carried out by APT10 in at least 12 states in the U.S.
One of the massive breaches by the aforementioned threat actors includes compromising the personal data of over 100,000 individuals stored on systems belonging to the US Department of the Navy.
How do they operate?
The hackers employ spear-phishing attacks to infiltrate the target network. The attack involves configuring a remote access trojan (RAT) to be executed on the system. The group uses a variety of RATs, including PlugX, Quasar, PoisonIvy, and RedLeaves.
Investigating the modus operandi that allows the group to function in secrecy, investigators noted, "The APT10 Group usually deleted the stolen files from compromised computers, thereby seeking to avoid detection and preventing identification of the specific files that were stolen."
Two hackers put on trial
According to an indictment unsealed by the US District Court for the Southern District of New York, Zhu Hua and Zhang Shilong are the two hackers who enabled the operations of APT10. Both were employed by a Chinese company known as Huayin Haitai during the period of the attacks.
Besides Huayin Haitai, the Ministry of State Security (MSS), a Chinese intelligence agency, was another entity that guided the actions of the two hackers.
Statements released by other states
Canada
Canada’s Communications Security Establishment said, “Ministry of State Security (MSS) is responsible for the compromise of several Managed Service Providers (MSP), beginning as early as 2016.”
UK
"…assesses with the highest level of probability that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers," reads the statement of the UK’s National Cyber Security Centre.
New Zealand
According to Director-General of the GCSB Andrew Hampton, “This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand.”
Japan
“All the (Group of 20) members, including China, have affirmed their commitment to the prohibition of (information and communication technology) enabled theft of intellectual property, and are required to take responsible actions as a member of the international community,” remarked Takeshi Osuga, the Japanese Foreign Ministry’s press secretary.