Thursday, January 03, 2019

NJCCIC Alert: Chinese APT10 Intrusion Activities Target Government, Cloud-Computing Managed Service Providers and Customer Networks Worldwide


NJCCIC (New Jersey Cybersecurity & Communications Integration Cell) Alert: The FBI is providing the following information with HIGH confidence. This FBI Flash is being provided, with no guarantees or warranties, for potential use at the sole discretion of recipients in order to protect against cyber threats.
The FBI obtained information regarding a group of Chinese APT cyber actors stealing high-value information from commercial and governmental victims in the U.S. and abroad. This Chinese APT group is known within private sector reporting as APT10, Cloud Hopper, menuPass, Stone Panda, Red Apollo, CVNX and POTASSIUM. This group heavily targets managed service providers (MSPs) that provide cloud computing services; commercial and governmental clients of MSPs; as well as defense contractors and governmental entities. APT10 uses various techniques for initial compromise, including spearphishing and malware. After initial compromise, this group seeks MSP administrative credentials to pivot between MSP cloud networks and customer systems to steal data and maintain persistence. This group has also used spearphishing to deliver malicious payloads and compromise victims.
This FBI Flash provides technical details and recommended mitigation measures to assist organizations in guarding against the persistent malicious actions of cyber criminals. Contact PTS to help ensure your systems are properly maintained and safe from the latest threats.

This information is marked Traffic Light Protocol (TLP): WHITE. Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed without restriction.