APT10 is not a standalone group, but part of a larger Chinese cyber espionage campaign known as Operation Cloud Hopper, which targets managed service providers (MSPs) to gain access to their clients’ networks. In 2018, two Chinese nationals associated with the Chinese Ministry of State Security (MSS) were indicted by the US Department of Justice for their role in APT10’s cyber espionage activities. This was a significant development in the ongoing effort to combat state-sponsored cyber attacks.
APT10 knows no boundaries when it comes to attacks. For example, one of the group’s most notable campaigns was in 2014 when it targeted the US Office of Personnel Management (OPM) and stole the personal information of over 21 million government employees. This was considered one of the largest breaches of federal government data in US history.
APT10 is also known for its focus on intellectual property theft, particularly of sensitive business and technological information. APT10 is believed to have targeted multiple organizations in the aerospace, defense, and energy sectors, as well as technology and engineering fields. Because of this targeting and the resulting data exfiltration, the group poses a significant national-security threat, one backed by the Chinese state.
APT10’s use of advanced techniques such as custom malware and spear-phishing campaigns makes the group technically unique. They use a variety of tools and techniques to infiltrate and maintain access to target networks, including remote access trojans (RATs) and web shells.
In addition, APT10 uses the technique of “living off the land” to evade detection and maintain access to target networks. This involves using legitimate tools and processes already present on a system, rather than introducing new malware or other malicious software.
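Because living-off-the-land activity uses binaries a defender cannot simply block, detection usually rests on context: which process launched the built-in tool and how it was invoked. The triage script below is an added example, not code from the article or from Ntirety; it parses constructed process-creation records (JSON lines, modelled on a typical EDR/Sysmon feed) and flags the two patterns discussed above: a spear-phishing lure (an Office application spawning a scripting host) and a web shell (a web server worker spawning a shell), plus obfuscated or hidden command lines. Process names and the sample events are assumptions for illustration.

```python
"""Flag living-off-the-land patterns in process-creation logs (added example)."""
import json
import re

# Constructed sample log, one JSON record per line. Hosts and command lines are
# invented for this example and do not describe any real incident.
SAMPLE_LOG = """\
{"host": "ws01", "parent": "explorer.exe", "image": "powershell.exe", "cmdline": "powershell.exe -File C:\\\\scripts\\\\inventory.ps1"}
{"host": "ws02", "parent": "WINWORD.EXE", "image": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"host": "srv01", "parent": "w3wp.exe", "image": "cmd.exe", "cmdline": "cmd.exe /c whoami"}
{"host": "ws04", "parent": "cmd.exe", "image": "notepad.exe", "cmdline": "notepad.exe readme.txt"}
"""

# Built-in interpreters an intruder can use without dropping new malware.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Parents that should rarely launch an interactive shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe"}
# Command-line traits commonly used to hide what a script does.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+\S+")
HIDDEN_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")


def analyse(event):
    """Return the list of reasons this single event looks suspicious (empty if benign)."""
    parent, image, cmd = event["parent"].lower(), event["image"].lower(), event["cmdline"]
    reasons = []
    if image in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
        reasons.append("Office application spawned a script host (spear-phishing lure pattern)")
    if image in SCRIPT_HOSTS and parent in WEB_SERVER_PARENTS:
        reasons.append("web server process spawned a shell (web shell pattern)")
    if ENCODED_RE.search(cmd):
        reasons.append("encoded command line")
    if HIDDEN_RE.search(cmd):
        reasons.append("hidden window requested")
    return reasons


def triage(log_text):
    """Parse JSON-lines records and map each host to the reasons it was flagged."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = analyse(event)
        if reasons:
            hits.setdefault(event["host"], []).extend(reasons)
    return hits


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

The ordinary administrative script on ws01 produces no alert, which is the point: the rules key on parent process and invocation style rather than on the tool itself, so tuning means adding your own known-good parent/child pairs rather than allow-listing PowerShell wholesale.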
APT10 also uses “watering hole” attacks, where the group compromises a website likely to be visited by its intended targets in order to infect their systems with malware or steal sensitive information. This technique allows the group to focus on the most valuable targets.
In recent years, APT10 has been observed using various malware families such as PlugX, Quasar, and RedLeaves. These malware families are used to establish a foothold on a target network and gain persistence. The group has also been known to use infrastructure leased from legitimate, but unaware, hosting providers, making it difficult to trace the origin of the attack.
It is difficult to prepare for APT10’s attacks because cloud and datacenter perimeters are no longer clearly bounded. The best approach is to stay aware and implement multiple layers of security.
With the growing number of cyber-attacks and concern about state-sponsored hacking groups like APT10, organizations need to take a proactive approach to protection. This includes implementing strong and comprehensive full-stack security measures such as managed firewalls, intrusion detection and prevention systems, and regular updates to software and systems. Most importantly, professional 24×7 active technical monitoring is a necessity for a well-protected computing system environment.
Organizations can take several steps to protect themselves against APT10 and other state-sponsored hacking groups:
That is just a quick look at APT10, the well-known and dangerous Chinese state-sponsored hacking group that’s been active for over a decade. This sophisticated and well-funded group has been responsible for a number of high-profile cyber attacks and, as APT10 continues to evolve its tactics and techniques, it poses an ongoing threat to organizations around the world. It should be a critical mission for organizations to be aware of the group and to take steps to protect themselves from APT10.
This article was originally published in Forbes. Please follow me on LinkedIn.