The following information is being provided by the FBI, with no guarantees or warranties, for potential use at the sole discretion of recipients in order to protect against cyber threats. This data is provided in order to help cyber security professionals and system administrators to guard against the persistent malicious actions of cyber criminals.
This FLASH has been released TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
Chinese APT10 intrusion activities target Government, Cloud-Computing Managed Service Providers and Customer networks worldwide. The following information was obtained through FBI investigations and is provided in accordance with the FBI’s mission and policies to prevent and protect against federal crimes and threats to the national security.
The FBI is providing the following information with HIGH confidence:
SUMMARY:
The FBI obtained information regarding a group of Chinese APT cyber actors stealing high value information from commercial and governmental victims in the U.S. and abroad. This Chinese APT group is known within private sector reporting as APT10, Cloud Hopper, menuPass, Stone Panda, Red Apollo, CVNX and POTASSIUM. This group heavily targets managed service providers (MSP) who provide cloud computing services; commercial and governmental clients of MSPs; as well as defense contractors and governmental entities. APT10 uses various techniques for initial compromise including spearphishing and malware. After initial compromise, this group seeks MSP administrative credentials to pivot between MSP cloud networks and customer systems to steal data and maintain persistence. This group has also used spearphishing to deliver malicious payloads and compromise victims.
WE NEED YOUR HELP! If you find any of these indicators on your networks, or have related information, please contact FBI CYWATCH immediately. Email: cywatch@fbi.gov Phone: 1-855-292-3937