APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Since then it has targeted healthcare, defence, aerospace, government, heavy industry/mining, Managed Service Providers (MSPs) and IT industries, among many other sectors, for the likely purpose of intellectual property theft. In 2017 its targeting of several global MSPs, giving it extensive access to the networks of organisations worldwide, was widely reported by the NCSC and industry partners.
The NCSC is aware of current malicious activity affecting UK organisations across a broad range of sectors, likely conducted by APT10. This activity will almost certainly have been facilitated by the group’s targeting of MSPs, as well as other outsourcing providers.
This report is an update to Version 1.0, issued to the CiSP information sharing platform on 29 August 2018 with a handling caveat of TLP AMBER. There have been minor changes to the content of the report and the mitigation advice has been updated.