APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Recently APT10 has compromised many global MSPs. The activity is global, but there is a significant UK impact. Industry information indicates that the exploitation methods vary depending on the location targeted. While the impact of the actor’s intrusions may not be immediately evident, the loss of intellectual property and associated financial cost in the case of successful data theft can be considerable. A successful compromise may also result in significant penalties under GDPR, as APT10 have been observed in multiple cases exfiltration large volumes of personal data. And the organization itself is not at risk in isolation: infections can and do spread rapidly onward to infect its customers and/or supply chain.