Cyber Threat Actor: APT10
| Actor Type | Location | Known Incidents |
Nation State
|
China
|
13 incidents |
|---|
Profile
APT10, also known as Stone Pounce and MenuPass, is a threat actor group traced to China and publicly linked to the country’s Ministry of State Security. The group is characterized as a Chinese state‑linked entity that conducts cyber espionage to advance Chinese economic interests by stealing corporate and government secrets. Its primary targets are technology service providers and the downstream corporate and government clients that rely on those providers’ cloud and IT outsourcing services, with activity observed across multiple regions globally. The strategic objective consistently described in the reporting is economic espionage, specifically the exfiltration of intellectual property and sensitive data to benefit China’s economic position.
The group’s tactics, techniques, and procedures center on exploiting vulnerabilities in cloud computing infrastructures to gain initial access through compromised service providers. Once inside a provider’s environment, APT10 uses that access as a launchpad to infiltrate the networks of the provider’s customers, maintaining persistent presence over several years to systematically exfiltrate data. The reporting notes that the actors leverage third‑party IT outsourcing models and cloud service weaknesses, and they benefit from service providers’ reluctance to disclose breaches due to liability and reputational concerns, which hampers victim detection and response. No specific malware families or tooling styles are detailed in the supplied material, so the profile limits itself to the referenced exploitation of cloud vulnerabilities and the use of compromised provider networks as a foothold.
Representative operations attributed to APT10 include the Cloud Hopper campaign highlighted in a December 2018 incident where the group breached major technology service providers such as IBM and Hewlett Packard Enterprise to reach client networks and steal secrets over an extended period. Additionally, a prolonged espionage effort targeting numerous technology firms—including NTT Data, Tata Consultancy Services, a Swedish telecoms equipment giant, and others—demonstrated the group’s ability to exploit cloud infrastructure across multiple providers to access a wide range of corporate and government victims, despite security countermeasures and international agreements against economic espionage. These campaigns underscore the group’s reliance on supply‑chain intermediaries and its focus on long‑term data theft for state‑aligned economic gain.
