APT10 and "Cloud Hopper"
Welcome to our latest ProSec Blog.
Given the recent media reporting around suspected state-sponsored cyber attacks against Australian government and business entities, we thought we would compile various pieces of news and information regarding the attacks and identified threat groups - specifically APT10.
What are Advanced Persistent Threats?
An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time. The intention of an APT attack is usually to monitor network activity and steal data rather than to cause damage to the network or organisation.
APT is a military term adapted into the information security context that refers to attacks carried out by nation-states. APT-related threat enablers (malware, social engineering tactics, intelligence gathering, etc.) are created by a group of dedicated in-house personnel using high-end tools and methods not usually employed by cybercriminals or located within normal underground channels - namely the Dark Web.
APT attacks typically target organisations in sectors such as national defence, manufacturing and the financial industry, as those companies deal with high-value information, including intellectual property, military plans, and other data from governments and commercial entities.
Advanced Persistent Threat 10 (APT10)
APT10 is a Chinese cyber espionage group that FireEye has tracked since 2009. They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan.
We believe that the targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations.
Operation Cloud Hopper: What You Need to Know
Security researchers recently uncovered a pervasive cyberespionage campaign by a group known as “APT10” (a.k.a. MenuPass, POTASSIUM, Stone Panda, Red Apollo, and CVNX).
The attacks were leveled against managed IT service providers, which the group used as intermediaries to get their hands on their target’s corporate assets and trade secrets.
China uses the cloud to step up spying on Australian businesses
20 November 2018
China’s peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Premier Li Keqiang and former Prime Minister Malcolm Turnbull to not steal each other’s commercial secrets.
A Fairfax Media/Nine News investigation has confirmed that China’s Ministry of State Security is responsible for what is known in cyber circles as “Operation Cloud Hopper”, a wave of attacks detected by Australia and its partners in the Five Eyes intelligence sharing alliance.
Chinese spies responsible for surge in cyber hacking
20 November 2018
China's peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Premier Li Keqiang and former Prime Minister Malcolm Turnbull to not steal each other's commercial secrets.
An investigation by The Australian Financial Review and Nine News has confirmed China's Ministry of State Security (MSS) is responsible for what is known in cyber circles as "Operation Cloud Hopper", a wave of attacks detected by Australia and its partners in the Five Eyes intelligence sharing alliance.
A senior Australian government source described China's activity as "a constant, significant effort to steal our intellectual property".
GCSB not confirming report China responsible for surge in cyber espionage
20 November 2018
The Government Communications Security Bureau is not confirming a report that China is behind espionage attacks on Australian businesses and other "Five Eyes" countries.
Australian media companies Fairfax Media and Nine Entertainment reported China's Ministry of State Security was responsible for "Operation Cloud Hopper" and a surge in cyber espionage against Australian companies over the past year.
Fairfax Media, which is the parent of Stuff, quoted unnamed Australian officials as claiming the activity breached an agreement between Chinese premier Li Keqiang and former Australian prime minister Malcolm Turnbull "to not steal each other's commercial secrets".