Alerts and Advisories

Advisory: APT10 continuing to target UK organisations

Created:  20 Dec 2018
Updated:  20 Dec 2018
An updated report on APT10's continued targeting of UK organisations.
The NCSC published advice to mitigate against this campaign targeting MSPs on 3 April 2017.

APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Since then it has targeted healthcare, defence, aerospace, government, heavy industry/mining, Managed Service Providers (MSPs) and IT industries, among many other sectors, for the likely purpose of intellectual property theft. In 2017 its targeting of several global MSPs, giving it extensive access to the networks of organisations worldwide, was widely reported by the NCSC and industry partners.

The NCSC is aware of current malicious activity affecting UK organisations across a broad range of sectors, likely conducted by APT10. This activity will almost certainly have been facilitated by the group’s targeting of MSPs, as well as other outsourcing providers.

This report is an update to Version 1.0, issued to the CiSP information sharing platform on 29 August 2018 with a handling caveat of TLP AMBER. There have been minor changes to the content of the report and the mitigation advice has been updated.

APT10 advisory v2.pdf

PDF, 197.42KB

This file may not be suitable for users of assistive technology.

APT10 continues to target UK organisations across wide range of sectors

Was this information helpful?

We need your feedback to improve this content.

Yes No