
APT10

aka: STONE PANDA, Menupass Team, happyyongzi, POTASSIUM, Red Apollo, CVNX, HOGFISH, Cloud Hopper, BRONZE RIVERSIDE, ATK41, G0045, Granite Taurus

menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.


Associated Families

There are currently no families associated with this actor.


References
2022-08-04 ⋅ Mandiant ⋅ Mandiant
@online{mandiant:20220804:advanced:afb8956, author = {Mandiant}, title = {{Advanced Persistent Threats (APTs)}}, date = {2022-08-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/insights/apt-groups}, language = {English}, urldate = {2022-08-30} }
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
@online{42:20220718:granite:aaa5c01, author = {Unit 42}, title = {{Granite Taurus}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/granite-taurus}, language = {English}, urldate = {2022-08-30} }
Granite Taurus
APT10
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd, author = {PWC UK}, title = {{Cyber Threats 2020: A Year in Retrospect}}, date = {2021-02-28}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf}, language = {English}, urldate = {2021-03-04} }
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:bronze:66f1290, author = {SecureWorks}, title = {{BRONZE RIVERSIDE}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-riverside}, language = {English}, urldate = {2020-05-23} }
BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10
2019-11-19 ⋅ FireEye ⋅ Nalani Fraser, Kelli Vanderlee
@techreport{fraser:20191119:achievement:30aad54, author = {Nalani Fraser and Kelli Vanderlee}, title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}}, date = {2019-11-19}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf}, language = {English}, urldate = {2022-09-12} }
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
APT1 APT10 APT2 APT26 APT3 APT30 APT41 Naikon Tonto Team
2019 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:2019:menupass:8fde950, author = {MITRE ATT&CK}, title = {{Group description: menuPass}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0045/}, language = {English}, urldate = {2019-12-20} }
Group description: menuPass
APT10
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
@online{tracker:2019:10:0acf62c, author = {Cyber Operations Tracker}, title = {{APT 10}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/apt-10}, language = {English}, urldate = {2019-12-20} }
APT 10
APT10
2018-12-20 ⋅ FBI ⋅ FBI
@online{fbi:20181220:chinese:06e7a78, author = {FBI}, title = {{Chinese Hackers Indicted - Members of APT 10 Group Targeted Intellectual Property and Confidential Business Information}}, date = {2018-12-20}, organization = {FBI}, url = {https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018}, language = {English}, urldate = {2019-11-28} }
Chinese Hackers Indicted - Members of APT 10 Group Targeted Intellectual Property and Confidential Business Information
APT10
2018-10-11 ⋅ NCSC UK ⋅ NCSC UK
@techreport{uk:20181011:joint:d7901ac, author = {NCSC UK}, title = {{Joint report on publicly available hacking tools: How to limit the effectiveness of tools commonly used by malicious actors}}, date = {2018-10-11}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf}, language = {English}, urldate = {2019-11-20} }
Joint report on publicly available hacking tools: How to limit the effectiveness of tools commonly used by malicious actors
APT10 APT19
2018-09-13 ⋅ FireEye ⋅ Ayako Matsuda, Irshad Muhammad
@online{matsuda:20180913:apt10:689e4bb, author = {Ayako Matsuda and Irshad Muhammad}, title = {{APT10 Targeting Japanese Corporations Using Updated TTPs}}, date = {2018-09-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html}, language = {English}, urldate = {2019-12-20} }
APT10 Targeting Japanese Corporations Using Updated TTPs
APT10
2018-04-23 ⋅ Accenture Security ⋅ Bart Parys
@techreport{parys:20180423:hogfish:4dc2531, author = {Bart Parys}, title = {{HOGFISH REDLEAVES CAMPAIGN: HOGFISH (APT10) targets Japan with RedLeaves implants in “new battle”}}, date = {2018-04-23}, institution = {Accenture Security}, url = {https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf}, language = {English}, urldate = {2020-06-18} }
HOGFISH REDLEAVES CAMPAIGN: HOGFISH (APT10) targets Japan with RedLeaves implants in “new battle”
RedLeaves APT10
2017-07-27 ⋅ Trend Micro ⋅ Benson Sy, CH Lei, Kawabata Kohei
@online{sy:20170727:chessmaster:a496667, author = {Benson Sy and CH Lei and Kawabata Kohei}, title = {{ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal}}, date = {2017-07-27}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/}, language = {English}, urldate = {2019-10-14} }
ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal
APT10
2017-04-27 ⋅ Homeland Security ⋅ Homeland Security
@techreport{security:20170427:intrusions:d535369, author = {Homeland Security}, title = {{INTRUSIONS AFFECTING MULTIPLE VICTIMS ACROSS MULTIPLE SECTO}}, date = {2017-04-27}, institution = {Homeland Security}, url = {https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf}, language = {English}, urldate = {2020-01-08} }
INTRUSIONS AFFECTING MULTIPLE VICTIMS ACROSS MULTIPLE SECTO
APT10
2017-04-06 ⋅ eWeek ⋅ Sean Michael Kerner
@online{kerner:20170406:chinese:81730df, author = {Sean Michael Kerner}, title = {{Chinese Nation-State Hackers Target U.S in Operation TradeSecret}}, date = {2017-04-06}, organization = {eWeek}, url = {https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret}, language = {English}, urldate = {2020-01-08} }
Chinese Nation-State Hackers Target U.S in Operation TradeSecret
APT10
2017-04-06 ⋅ FireEye ⋅ FireEye iSIGHT Intelligence
@online{intelligence:20170406:apt10:08847cf, author = {FireEye iSIGHT Intelligence}, title = {{APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat}}, date = {2017-04-06}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html}, language = {English}, urldate = {2019-12-20} }
APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat
APT10
2017-04-04 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20170404:operation:6d02e48, author = {PWC UK}, title = {{Operation Cloud Hopper}}, date = {2017-04-04}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf}, language = {English}, urldate = {2020-01-10} }
Operation Cloud Hopper
APT10
2017-02-16 ⋅ Jen Miller-Osborn, Josh Grunzweig
@online{millerosborn:20170216:menupass:4aebb40, author = {Jen Miller-Osborn and Josh Grunzweig}, title = {{menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations}}, date = {2017-02-16}, url = {https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/}, language = {English}, urldate = {2019-11-21} }
menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
APT10

Credits: MISP Project