APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Recently, APT10 has compromised many global MSPs. The activity is global, but there is a significant UK impact. Industry information indicates that the exploitation methods vary depending on the location targeted. While the impact of the actor's intrusions may not be immediately evident, the loss of intellectual property and the associated financial cost in the case of successful data theft can be considerable. A successful compromise may also result in significant penalties under GDPR, as APT10 has been observed in multiple cases exfiltrating large volumes of personal data. Nor is the compromised organisation at risk in isolation: infections can and do spread rapidly onward to its customers and/or supply chain.
This report is an update to the series of malware advisories focusing on MSP attacks. The advisory we released in October emphasised the TTPs likely used by APT10 to attack MSPs, and the advisory released in December covered the compromised global MSPs. This report provides new IOCs.
Release Date: 24th December 2018
Target OS: Managed Service Providers
Distribution Method: Via vulnerability exploitation and Trojan installation
Discovered By: National Cyber Security Centre