Background
APT10, known as Stone Panda or MenuPass, is a Chinese cyber espionage group attributed to the Tianjin State Security Bureau, a regional bureau of China's Ministry of State Security (MSS). Active since at least 2009, APT10 became globally prominent for its Operation Cloud Hopper campaign (2016-2018), which targeted managed service providers (MSPs) worldwide to gain indirect access to their clients' networks. This supply-chain attack strategy allowed APT10 to compromise hundreds of organizations across multiple sectors by leveraging trusted MSP access rather than directly attacking hardened enterprise targets.
The group's MSS affiliation distinguishes it from PLA-linked groups like APT1 and APT41. MSS operations typically prioritize intelligence collection supporting China's economic development goals alongside traditional strategic intelligence. APT10's targeting pattern strongly suggests tasking from economic ministries and the Made in China 2025 strategic initiative, with intrusions focusing on industries designated for Chinese industrial development.
In December 2018, the U.S. Department of Justice indicted two Chinese nationals, Zhu Hua and Zhang Shilong, for their roles in APT10 operations. The Five Eyes nations (US, UK, Australia, Canada, New Zealand) issued a coordinated attribution statement. Despite this exposure, APT10 has continued operations under evolved tactics, with Japan's NISC, CERT, NPA, and Cabinet Secretariat issuing a joint advisory in 2021 attributing ongoing operations to APT10.
Notable Campaigns
Operation Cloud Hopper (2014-2018) - APT10's most impactful campaign targeted at least 45 managed service providers across 12 countries, using stolen MSP credentials to pivot into client networks. The campaign compromised organizations in aviation, satellite technology, manufacturing, pharmaceuticals, oil and gas, and communications across North America, Europe, and Asia-Pacific. Victims included HP Enterprise, IBM, Fujitsu, Tata Consultancy, NTT, Dimension Data, Computer Sciences Corporation, and DXC Technology.
Japanese Defense and Government Targeting (2018-2023) - APT10 has maintained a sustained focus on Japanese government agencies, defense contractors, and corporations. Operations compromised JAXA (Japan's space agency), Mitsubishi Electric, and multiple defense-related organizations. The group adapted its tooling for Japanese environments, developing Japanese-language lures and customized malware variants.
Healthcare and Pharmaceutical Sector (2019-2021) - During the COVID-19 pandemic, APT10 extensively targeted pharmaceutical companies and healthcare research institutions involved in vaccine development. The group sought proprietary research data, clinical trial information, and regulatory approval strategies. CISA and FBI attributed multiple COVID-19 research intrusions to Chinese state actors including APT10.
Financial Services and Law Firms (2016-2024) - APT10 has targeted law firms handling mergers and acquisitions involving Chinese interests, as well as financial institutions managing investments in China-relevant sectors. The group sought negotiating positions, confidential client information, and financial intelligence.
Tactics, Techniques & Procedures
Initial Access via Managed Service Providers - APT10's defining tactic is compromising MSPs to gain trusted access to downstream clients (T1199). The group identifies MSP employees with privileged access to client systems, steals their credentials (T1078), and uses legitimate management tools to traverse client networks without triggering perimeter defenses. This trusted-access approach makes detection significantly more difficult than direct network intrusion.
Credential Harvesting and Lateral Movement - After establishing a foothold, APT10 uses Impacket tools and credential dumping (T1003.001) to harvest domain credentials. Lateral movement occurs via RDP (T1021.001) and SMB (T1021.002). The group maps internal networks extensively before pivoting to high-value targets.
Custom Malware Deployment - APT10 deploys a rotating toolkit. RedLeaves and UPPERCUT (ANEL) are custom backdoors used for persistent access. PlugX, widely shared among Chinese APT groups, is used for secondary access channels. ChChes is a lightweight first-stage loader that downloads more capable payloads.
Evasion Techniques - APT10 uses masquerading (T1036) to name malware and tasks after legitimate Windows components. PowerShell execution (T1059.001) is used extensively with encoded commands. The group leverages living-off-the-land techniques, using built-in Windows tools like WMI, cmd.exe, and certutil to minimize reliance on detectable custom tools.
Tools & Malware
- PlugX (Korplug) - A widely used Chinese APT remote access trojan providing modular capabilities including file management, keylogging, screenshot capture, and process manipulation. Shared across multiple Chinese APT groups.
- RedLeaves - A custom APT10 backdoor with an architecture similar to PlugX, supporting command execution, file operations, and C2 communication via encrypted channels. Observed in operations against Japanese organizations.
- UPPERCUT (ANEL) - A backdoor unique to APT10 providing a full feature set including shell command execution, file transfer, and screenshot capture. Used extensively in the post-Cloud Hopper operational period.
- ChChes - A lightweight first-stage loader that communicates via HTTP with a cookie-based protocol, used to profile targets before deploying more capable tools.
- QuasarRAT - An open-source remote access tool used by APT10 alongside custom malware, providing deniability through the use of shared tools.
- HAYMAKER - A backdoor that communicates via HTTP, using encoded data in HTTP headers to conceal C2 traffic.
- SNUGRIDE - A first-stage implant used to download and execute secondary payloads, communicating via HTTP requests to cloud services.
- Impacket - An open-source Python library used for credential harvesting, lateral movement via SMB/WMI, and remote code execution on Windows systems.
Indicators & Detection
MSP-Targeted Detection - Organizations using managed service providers should enforce network segmentation that limits MSP access to only authorized systems. Implement privileged access workstations (PAWs) for MSP management interfaces. Monitor for MSP credentials being used outside of normal maintenance windows or from unexpected geographic locations. Require MSPs to use hardware MFA for all administrative access.
Network-Based Detection - Monitor outbound HTTPS connections to newly registered domains with low reputation scores. APT10 frequently uses domain generation algorithms for resilient C2 infrastructure. Look for DNS queries to domains with unusual TLD combinations. Detect PlugX and RedLeaves C2 by monitoring HTTP traffic with specific header patterns and unusually consistent beacon intervals.
Endpoint Detection - Monitor for PowerShell executions with base64-encoded payloads and unusual parent processes. Watch for DLL side-loading patterns where legitimate signed executables load DLLs from user-writable directories. Alert on certutil.exe downloading remote files, a common APT10 payload delivery technique. Detect lateral movement via unusual RDP connections during off-hours.
Authentication and Identity - Implement conditional access policies that flag logins from unexpected locations or devices. Monitor service accounts for anomalous usage patterns. Review delegated permissions granted to MSP accounts and enforce least-privilege access. Audit Kerberos ticket-granting service (TGS) requests for unusual service principal names.
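The "unusually consistent beacon intervals" check above can be scripted over proxy logs: group connections by source host and destination, then measure how little the gaps between them vary. This is an added example, not code from the original profile; the log lines, host names and domains are constructed for it, and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log for this example, not real APT10 traffic.
# Format: "<ISO-8601 timestamp> <source host> <destination> <bytes>"
SAMPLE_PROXY_LOG = """\
2024-03-01T09:00:00 ws-17 update-check.example-cdn.test 412
2024-03-01T09:05:01 ws-17 update-check.example-cdn.test 410
2024-03-01T09:10:00 ws-17 update-check.example-cdn.test 415
2024-03-01T09:14:59 ws-17 update-check.example-cdn.test 411
2024-03-01T09:20:00 ws-17 update-check.example-cdn.test 413
2024-03-01T09:25:01 ws-17 update-check.example-cdn.test 409
2024-03-01T09:01:12 ws-17 news.example.test 18203
2024-03-01T09:07:48 ws-17 news.example.test 22017
2024-03-01T09:31:05 ws-17 news.example.test 9045
2024-03-01T10:02:40 ws-17 news.example.test 31110
2024-03-01T11:15:09 ws-17 news.example.test 14780
2024-03-01T11:16:00 ws-17 news.example.test 2200
"""

def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _size = line.split()
        series[(src, dst)].append(datetime.fromisoformat(ts))
    return series

def beacon_score(timestamps, min_events=5):
    """Return (mean gap in seconds, coefficient of variation) for a series,
    or None if there are too few events. A low CV means near-identical gaps."""
    if len(timestamps) < min_events:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return (avg, pstdev(gaps) / avg) if avg > 0 else None

def find_beacons(text, max_cv=0.1, min_events=5):
    """Return (host, destination) pairs whose gap jitter is at or below max_cv,
    most regular first. Thresholds are starting points; tune per environment."""
    hits = []
    for key, stamps in parse_log(text).items():
        score = beacon_score(stamps, min_events)
        if score and score[1] <= max_cv:
            hits.append((key, round(score[0]), round(score[1], 3)))
    return sorted(hits, key=lambda h: h[2])
```

Implants often add deliberate jitter, so treat the CV threshold as a starting point and pair this check with the domain-reputation and header-pattern checks described above.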
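The MSP-credential monitoring in the "MSP-Targeted Detection" paragraph and the service-account checks in this one reduce to a policy applied to each authentication event: allowed maintenance window, allowed source country, allowed target hosts, and allowed logon type. This is an added example, not code from the original profile; the events, account names and policy values are constructed assumptions.

```python
from datetime import datetime

# Constructed authentication events for this example, not real MSP telemetry.
# Fields: account, UTC timestamp, source country, target host, logon type.
SAMPLE_AUTH_EVENTS = [
    ("msp-admin01", "2024-03-02T02:15:00", "DE", "app-srv-07", "RemoteInteractive"),
    ("msp-admin01", "2024-03-05T14:40:00", "DE", "app-srv-07", "RemoteInteractive"),
    ("msp-admin01", "2024-03-02T03:10:00", "XX", "app-srv-07", "RemoteInteractive"),
    ("msp-admin01", "2024-03-02T03:30:00", "DE", "dc-01", "RemoteInteractive"),
    ("svc-backup", "2024-03-04T11:00:00", "DE", "file-srv-02", "Service"),
    ("svc-backup", "2024-03-04T23:55:00", "DE", "file-srv-02", "Interactive"),
]

# Hypothetical policy: the MSP account may log on only during the agreed
# weekend maintenance window, from its home country, to the hosts in scope.
MSP_POLICY = {
    "accounts": {"msp-admin01"},
    "window_days": {5, 6},         # Saturday and Sunday (datetime.weekday())
    "window_hours": range(1, 5),   # 01:00-04:59 UTC
    "countries": {"DE"},
    "hosts": {"app-srv-07", "app-srv-08"},
}
SERVICE_ACCOUNTS = {"svc-backup"}  # never expected to log on interactively

def check_event(event, policy=MSP_POLICY):
    """Return the list of policy violations for one authentication event."""
    account, ts, country, host, logon_type = event
    when = datetime.fromisoformat(ts)
    problems = []
    if account in policy["accounts"]:
        if when.weekday() not in policy["window_days"] or when.hour not in policy["window_hours"]:
            problems.append("outside_maintenance_window")
        if country not in policy["countries"]:
            problems.append("unexpected_source_country")
        if host not in policy["hosts"]:
            problems.append("host_outside_msp_scope")
    if account in SERVICE_ACCOUNTS and logon_type != "Service":
        problems.append("service_account_interactive_logon")
    return problems

def audit(events):
    """Map (account, timestamp) to violations for every event that has any."""
    report = {}
    for event in events:
        problems = check_event(event)
        if problems:
            report[(event[0], event[1])] = problems
    return report
```

The "host_outside_msp_scope" rule is the detection counterpart of the network segmentation the text recommends: if the MSP account reaches a host it was never delegated, the segmentation or the credential has failed.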