An established hacking association has been stealing secrets from organizations based in at least 12 countries from a wide array of industries. The group operates in linkage with China’s intelligence and security agency and has been practicing this for over a decade now.
Functioning since 2006, the group is identified by the names - APT10, CVNX, Red Apollo, Cloud Hopper, Stone Panda, MenuPass, and Potassium in the infosec sphere.
The malicious acts performed by the group involves compromising companies which supply clients with IT infrastructures such as storage and networking along with intangible services of support and consultation.
The malicious acts performed by the group involves compromising companies which supply clients with IT infrastructures such as storage and networking along with intangible services of support and consultation.
APT10 operated with an intent to stealthily draw confidential business and intellectual property data preserved by MSP customers in various countries including India, the U.S., the UK, the UAE, Switzerland, Japan, Canada, Brazil, France, Sweden, and Finland.
After examining the hacking campaigns led by the Chinese adversary, security researchers concluded that the group targets industries from a wide array of sectors.
The list of affected industry sectors includes telecommunications, financial institutions, commercial manufacturing, automotive supplier companies, consulting organizations, biotechnology, mining, and drilling.
Reportedly, over 45 entities have fallen prey to the malicious
activities carried by APT10 in at least 12 states in the U.S.
One of the massive breaches by the aforementioned threat actors
includes compromising the personal data of over 100,000 individuals stored on the systems belonging to the US Department of the Navy.
How do they operate?
The hackers employ spear-phishing attacks to infiltrate the target
network. The attack involves configuring a remote access trojan (RAT) to be executed on the system. The group uses a variety of RATs- PlugX, Quasar, PoisonIvy, and RedLeaves, to name a few.
Investigating the modus-operandi of the group which allows it to
function in secrecy, investigators noted, "The APT10 Group usually deleted the stolen files from compromised computers, thereby seeking to avoid detection and preventing identification of the specific files that were stolen,"
Two hackers put to trial
Referenced from an indictment unsealed by the US District Court for the Southern District of New York, Zhu Hua and Zhang Shilong are the two hackers who enabled the operations of APT10. Both of them were employed by a Chinese company known as Huayin Haitai for the time-period of the attacks.
Besides, Huayin Haitai, Ministry of State Security (MSS), a Chinese intelligence agency was another entity that guided the actions of the two hackers.
Statements released by other states
Statements released by other states
Canada
Canada’s Communication Security Establishment said, “Ministry of State Security (MSS) is responsible for the compromise of several Managed Service Providers (MSP), beginning as early as 2016.”
UK
"…assesses with the highest level of probability that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers," reads the statement of UK’s National Cyber Security Center.
New-Zealand
According to Director-General of the GCSB Andrew Hampton, “This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,”
Japan
“All the (Group of 20) members, including China, have affirmed their commitment to the prohibition of (information and communication technology) enabled theft of intellectual property, and are required to take responsible actions as a member of the international community,” remarked Takeshi Osuga, the Japanese Foreign Ministry’s press secretary.
