The group's malicious activity involves compromising companies that supply clients with IT infrastructure such as storage and networking, along with intangible services such as support and consultation.
The list of affected industry sectors includes telecommunications, financial institutions, commercial manufacturing, automotive supplier companies, consulting organizations, biotechnology, mining, and drilling.
Reportedly, over 45 entities in at least 12 states in the U.S. have fallen prey to the malicious activities carried out by APT10.
One of the massive breaches by these threat actors involved compromising the personal data of over 100,000 individuals stored on systems belonging to the US Department of the Navy.
How do they operate?
The hackers employ spear-phishing attacks to infiltrate the target network. The attack involves configuring a remote access trojan (RAT) to be executed on the system. The group uses a variety of RATs: PlugX, Quasar, PoisonIvy, and RedLeaves, to name a few.
Examining the modus operandi that allows the group to function in secrecy, investigators noted, “The APT10 Group usually deleted the stolen files from compromised computers, thereby seeking to avoid detection and preventing identification of the specific files that were stolen.”
Two hackers put to trial
According to an indictment unsealed by the US District Court for the Southern District of New York, Zhu Hua and Zhang Shilong are the two hackers who enabled the operations of APT10. Both were employed by a Chinese company known as Huayin Haitai during the period of the attacks.
Canada’s Communication Security Establishment said, “Ministry of State Security (MSS) is responsible for the compromise of several Managed Service Providers (MSP), beginning as early as 2016.”
“…assesses with the highest level of probability that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers,” reads the statement of the UK’s National Cyber Security Center.
According to Director-General of the GCSB Andrew Hampton, “This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand.”
“All the (Group of 20) members, including China, have affirmed their commitment to the prohibition of (information and communication technology) enabled theft of intellectual property, and are required to take responsible actions as a member of the international community,” remarked Takeshi Osuga, the Japanese Foreign Ministry’s press secretary.