Friday, December 21, 2018

Who Are These APT10 – or Advanced Persistent Threat 10 Hackers

The United States charged two Chinese men over hacking attacks targeting a number of companies and government agencies in the US and around the world for more than a decade.
According to the US Department of Justice, Zhu Hua and Zhang Shilong worked for the Chinese Ministry of State Security in coordinating espionage activity through a hacking group known as APT10, to steal trade secrets and technologies from at least 12 countries. APT10 is also known as “Red Apollo” and “Stone Panda”.
The US indictment indicated the pair worked for Huaying Haitai Science and Technology Development Company, an entity described by an online Chinese business directory as being involved in the development of e-commerce websites and network operations.

 
The group is accused of multiple breaches involving a large number of companies and government entities. These attacks go back to 2006. The first, the “Technology Theft Campaign”, set out to steal information about various technologies; it began in or about 2006 and involved the group gaining access to the computer networks of more than 45 technology companies and US government agencies.
Government agencies such as the NASA Goddard Space Centre and Jet Propulsion Laboratory and the US Department of Energy’s Lawrence Berkeley National Laboratory were targeted by the hacking campaign.
The other campaign is more recent: starting in about 2014, APT10 launched an intrusion campaign to hack into the computer networks of managed service providers (MSPs). These service providers are used by businesses and governments around the world.
The “MSP Theft Campaign” accessed computers providing services to or belonging to victim companies in at least 12 countries, namely Brazil, Britain, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, and the United States.

According to the FBI, the victim companies were involved in the fields of global finance, telecommunications, consumer electronics, manufacturing, healthcare, biotechnology, mining, automotive supplies and drilling. While not indicated by the indictment, Reuters reported multiple sources saying the MSPs were Hewlett Packard Enterprise and IBM.
The first public reference to APT10 was made by FireEye in a 2013 report identified as “Poison Ivy”; it identified APT10 as an affiliate domain name to “menuPass”, a group that was known to have been targeting US and other defence contractors since at least 2009.
PwC’s cybersecurity practice and British multinational defence company BAE Systems published a report in 2017, in cooperation with Britain’s National Cyber Security Centre, that claimed to have uncovered a hacking campaign – “Operation Cloud Hopper”, the MSP attack by APT10.
China responded to the charges by accusing Washington of cyber hacking and denying any involvement.
