Cyber Incident Victim: NASA Jet Propulsion Laboratory
Date: Jan 2006
Location: United States of America
Summary
Chinese state-sponsored hackers associated with the APT10 group conducted a decade-long cyber espionage campaign targeting managed service providers, technology firms, and government entities to steal intellectual property and sensitive business data. The attackers compromised IT infrastructure to access victim networks globally, exfiltrating hundreds of gigabytes of proprietary information across diverse sectors including aviation, satellite technology, healthcare, telecommunications, and energy exploration. The operation involved leveraging MSP access to infiltrate client systems and systematically harvest confidential technological and commercial data.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |

Description
The indictment unsealed on December 20, 2018, charged Chinese nationals Zhu Hua and Zhang Shilong with conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft as members of the Advanced Persistent Threat 10 (APT10) hacking group. Operating from at least 2006 through 2018, the defendants conducted cyber intrusions while associated with Huaying Haitai and the Tianjin State Security Bureau, a regional branch of China's Ministry of State Security. APT10, also known as Red Apollo, Stone Panda, and POTASSIUM, executed two primary campaigns: the Technology Theft Campaign targeting intellectual property across multiple sectors since 2006, and the Managed Service Provider (MSP) Theft Campaign beginning in 2014 to compromise IT management firms globally. The group registered malicious IT infrastructure to facilitate intrusions into systems containing confidential business data, technological research, and government information. Victims included more than 45 U.S. technology companies across twelve states, multiple U.S. government agencies, and MSP clients worldwide.

APT10's Technology Theft Campaign systematically exfiltrated hundreds of gigabytes of sensitive data from entities involved in aviation, satellite and maritime technology, industrial automation, pharmaceuticals, and oil and gas exploration. The MSP Theft Campaign compromised service providers to gain unauthorized access to downstream client networks, enabling theft of proprietary data across healthcare, biotechnology, telecommunications, and financial sectors. Targeted technologies included computer processor designs, laboratory instruments, medical equipment, and automotive supply chains. The U.S. Department of Justice documented intrusions against space and satellite technology entities, though specific agency names beyond "U.S. government agencies" were not disclosed in the indictment. Prosecutors emphasized the decade-long scale of data theft, which continued through 2018, with Zhu and Zhang directly participating in infrastructure setup and intrusion operations. No victim remediation details or containment measures were described in the charging documents.
