APT10 Breach Managed Service Providers

APT10 is an alleged Chinese APT (Advanced Persistent Threat) group. It is also known as:

  • Red Apollo by PwC UK
  • CVNX by BAE Systems
  • Stone Panda by CrowdStrike
  • POTASSIUM by Microsoft
  • and menuPass Team by Trend Micro

The group behind the attacks has targeted Canada, Brazil, France, Norway, Finland, Switzerland, South Africa, Australia, Japan, and India for intellectual property and other sensitive information, according to a recent PricewaterhouseCoopers (PwC) UK and BAE Systems report and its technical annex.

Take note: if your MSP is on the list of compromised service providers, you need to assume that you have been compromised, even if you are located in a different country.

The following companies are noted to have been breached by a hacking campaign called ‘Cloud Hopper’.

  • IBM
  • Ericsson
  • Fujitsu
  • HPE
  • Tata Consultancy Services
  • NTT Data
  • Dimension Data
  • Computer Sciences Corporation and DXC Technology. HPE spun off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.
  • Sabre
  • Huntington Ingalls Industries
  • And many of their clients…

Some evidence of the breach at the compromised MSPs (Managed Service Providers) dates back as far as 2010.

If you feel you may have been compromised through a 3rd-party service provider, I recommend that you engage an independent expert for an investigation and NOT the same MSP, as we have found that it is easy to ‘hide’ evidence.