
Red Apollo

Red Apollo (also known as APT 10 (by Mandiant), MenuPass (by FireEye), Stone Panda (by CrowdStrike), and POTASSIUM (by Microsoft))[1][2] is a Chinese state-sponsored cyberespionage group. A 2018 indictment by the United States Department of Justice claimed that the group is linked to the Tianjin State Security Bureau of the Chinese government's Ministry of State Security and has been operating since 2006.[3]

Red Apollo
Formation: c. 2003–2005[1]
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Region: China
Methods: Zero-days, phishing, backdoors, RATs, keylogging
Official language: Chinese
Parent organization: Tianjin State Security Bureau of the Ministry of State Security
Formerly called: APT10, Stone Panda, MenuPass, RedLeaves, CVNX, POTASSIUM

The team was designated by FireEye as an Advanced Persistent Threat. FireEye states that the group targets aerospace, engineering, and telecom firms, as well as any government it believes to be a rival of China.

FireEye stated that the group could be targeting intellectual property from educational institutions, such as a Japanese university, and is likely to expand operations into the education sector in nations allied with the United States.[4] FireEye claimed to have tracked the group since 2009, but because of the low threat it had posed, it was not a priority. FireEye now describes the group as "a threat to organizations worldwide."[4]

Tactics

The group directly targets managed information technology service providers (MSPs) using remote access trojans (RATs). The general role of an MSP is to help manage a company's computer network. MSPs were often compromised through spear-phishing emails that delivered Poison Ivy, FakeMicrosoft, PlugX, ArtIEF, Graftor, and ChChes.[5]

History

2014 to 2017: Operation Cloud Hopper

Operation Cloud Hopper was an extensive attack and theft of information in 2017 directed at MSPs in the United Kingdom (U.K.), United States (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea and Australia. The group used MSPs as intermediaries to acquire assets and trade secrets from MSP clients in engineering, industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.

Operation Cloud Hopper used over 70 variants of backdoors, malware and trojans. These were delivered through spear-phishing emails. The attacks created scheduled tasks or leveraged services and utilities to persist on Microsoft Windows systems even after a reboot. The group installed malware and hacking tools to access systems and steal data.[5]
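The persistence described above (scheduled tasks and newly installed services surviving a reboot) is something defenders can look for in host telemetry. The following is an added example and not part of the Wikipedia article or of any vendor report it cites: it scans a constructed, simplified key=value rendering of two real Windows event IDs, 4698 (Security log: a scheduled task was created) and 7045 (System log: a new service was installed), and labels each hit by whether the binary it points at lives in a directory from an assumed baseline of trusted locations. The field names (`Host`, `EventID`, `Name`, `Command`) and the `TRUSTED_DIRS` baseline are this example's own assumptions, not a standard format.

```python
"""Flag Windows persistence events (scheduled tasks, new services) in log lines.

Added example, not from the Wikipedia article. The log format below is a
constructed key=value rendering of two real Windows event IDs:
4698 (Security: a scheduled task was created) and 7045 (System: a new
service was installed). Field names and the trusted-directory baseline are
assumptions made for this example.
"""
import re
from typing import Dict, List

# key=value pairs; values may be double-quoted so paths with spaces survive.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Best-effort executable extraction: everything up to the first ".exe",
# with an optional surrounding double quote.
_EXE = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)

# Assumed baseline: directories from which a task/service binary is normally
# expected to run. Anything else is reported as higher risk.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\program files (x86)",
)

PERSISTENCE_EVENTS = {
    "4698": "scheduled task created",
    "7045": "service installed",
}


def parse_line(line: str) -> Dict[str, str]:
    """Turn one 'key=value key="quoted value"' line into a dict."""
    fields: Dict[str, str] = {}
    for m in _KV.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def binary_path(command: str) -> str:
    """Extract the executable path from a command line (quoted or not)."""
    command = command.strip()
    m = _EXE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def is_trusted_location(path: str) -> bool:
    """True if the path starts with one of the assumed trusted directories."""
    return path.lower().startswith(TRUSTED_DIRS)


def find_persistence_events(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per persistence event, labelled low or high risk."""
    findings = []
    for line in lines:
        f = parse_line(line)
        kind = PERSISTENCE_EVENTS.get(f.get("EventID", ""))
        if kind is None:
            continue  # not a persistence event (e.g. an ordinary logon)
        path = binary_path(f.get("Command", ""))
        findings.append({
            "host": f.get("Host", "?"),
            "name": f.get("Name", "?"),
            "kind": kind,
            "path": path,
            "risk": "low" if is_trusted_location(path) else "high",
        })
    return findings


# Constructed sample lines (not real telemetry).
SAMPLE_LOGS = [
    'Time=2017-04-10T08:01:00Z Host=WS01 EventID=4624 User=alice',
    'Time=2017-04-10T08:02:15Z Host=WS01 EventID=4698 Name="\\Updater" '
    'Command="C:\\Users\\Public\\update.exe -k netsvc"',
    'Time=2017-04-10T08:03:40Z Host=SRV02 EventID=7045 Name="GoogleUpdate" '
    'Command="C:\\Program Files\\Google\\Update\\GoogleUpdate.exe /svc"',
    'Time=2017-04-10T08:05:02Z Host=SRV02 EventID=7045 Name="WinHelper" '
    'Command="C:\\ProgramData\\tmp\\helper.exe"',
]

if __name__ == "__main__":
    for hit in find_persistence_events(SAMPLE_LOGS):
        print(f'{hit["risk"]:4} {hit["host"]} {hit["kind"]}: '
              f'{hit["name"]} -> {hit["path"]}')
```

The risk label is only a triage aid: a task or service whose binary sits under a user-writable directory such as `C:\Users\Public` or `C:\ProgramData` deserves a look first, while one under `Program Files` is usually routine software. In a real deployment the baseline would be tuned per environment and the hits correlated with the spear-phishing delivery the article describes (mail gateway logs, process ancestry of the creating process).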

2016 US Navy personnel data

Hackers accessed records relating to 130,000 US Navy personnel (out of 330,000).[6] In response, the Navy decided to coordinate with Hewlett Packard Enterprise Services, despite warnings having been given prior to the breach.[7] All affected sailors were required to be notified.

2018 Indictments

A 2018 indictment showed evidence that CVNX was not the name of the group but the alias of one of two hackers. Each of the two used four aliases, making it appear as if more than five hackers had attacked.

Post-Indictment activities

In April 2019 APT10 targeted government and private organizations in the Philippines.[8]

In 2020 Symantec implicated Red Apollo in a series of attacks on targets in Japan.[9]

In March 2021, they targeted the intellectual property of Bharat Biotech and of the Serum Institute of India (SII), the world's largest vaccine maker, for exfiltration.[10]

See also

China–United States relations
Cyberwarfare by China
References

  1. ^ "APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat". FireEye. Retrieved 2021-03-07.
  2. ^ Kozy, Adam (2018-08-30). "Two Birds, One STONE PANDA". Retrieved 2021-03-07.
  3. ^ "Two Chinese Hackers Associated With the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information". United States Department of Justice. 2018-12-20. Retrieved 2021-03-07.
  4. ^ a b "APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat". FireEye. April 6, 2017.
  5. ^ a b "Operation Cloud Hopper: What You Need to Know - Security News - Trend Micro USA". trendmicro.com. April 10, 2017.
  6. ^ "Chinese hackers allegedly stole data of more than 100,000 US Navy personnel". MIT Technology Review.
  7. ^ "US Navy Sailor Data 'Accessed by Unknown Individuals'". bankinfosecurity.com.
  8. ^ Manantan, Mark (September 2019). "The Cyber Dimension of the South China Sea Clashes". No. 58. The Diplomat. The Diplomat. Retrieved 5 September 2019.
  9. ^ Lyngaas, Sean (17 November 2020). "Symantec implicates APT10 in sweeping hacking campaign against Japanese firms". www.cyberscoop.com. Cyberscoop. Retrieved 19 November 2020.
  10. ^ N. Das, Krishna (1 March 2021). "Chinese hacking group Red Apollo (APT10) had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world's largest vaccine maker". Reuters. Retrieved 1 March 2021.
