top of page
Writer's pictureThe DigitalBank Vault

APT10: The Chinese Hacking Group



According to the US Justice Department, two Chinese men and their associates have been hacking into state and commercial computer networks for more than a decade


List of victims reads like a who’s who of the global economy, FBI director says .


So who knew about APT10?


Cybersecurity analysts have been following the activities of the alleged hackers for many years, but the first public reference to APT10 was made by FireEye in a 2013 report.


Titled “Poison Ivy”, the report identified APT10 as an affiliate domain name to “menuPass”, a group that was known to have been targeting US and other defence contractors since at least 2009.


In 2017, PwC’s cybersecurity practice and British multinational defence company BAE Systems published a report, in cooperation with Britain’s National Cyber Security Centre, that claimed to have uncovered a hacking campaign – “Operation Cloud Hopper” – led by APT10.


The report said members of the group targeted MSPs so they could gain access to the intellectual property and sensitive data of their clients around the world.

According to the US indictment, Zhu and Zhang have been charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft.


Who are the alleged hackers?

APT10 – or Advanced Persistent Threat 10 – is the name given to a group of Chinese hackers first identified by US cybersecurity firm FireEye.

Widely known within the cybersecurity community, the group is one of several that share the “APT” tag, indicating their willingness to pursue targets over long periods of time. APT10 also goes by the names “Red Apollo” and “Stone Panda”.

According to FBI director Christopher Wray, Zhu and Zhang acted on behalf of China’s state security bureau from a base in Tianjin, a major port city about 130km (80 miles) southeast of the capital Beijing.


The indictment said the pair worked for Huaying Haitai Science and Technology Development Co, a company described by an online Chinese business directory as being involved in the development of e-commerce websites and network operations.

The FBI said Zhu and Zhang are believed to be in China but it will seek their arrest if they ever leave the country.


What is the difference between the DigitalBank Vault and other secure communication devices ?


The DigitalBank Vault does not store and has no way to store data,information, keys, passwords or any other form of memory .
No information can be ever retrieved ,no matter what forensic tools are used .
No Voice calls or Text Messages can be ever intercepted, read, listened to or recorded, because the communication system is end to end encrypted with a one time key ,and 100% Peer to Peer , without any third party server's involvement .

What is APT10 accused of doing?


The group is said to have engaged in multiple hacking campaigns into computer systems around the world since at least as early as 2006, two of which were specifically referred to in the indictment.

The first, known as the “Technology Theft Campaign”, began in or about 2006 and involved the group gaining access to the computer networks of more than 45 technology companies and US government agencies, in order to steal information about various technologies.


The group is said to have taken “gigabytes of sensitive data” from firms involved in the fields of aviation, space and satellite, manufacturing, pharmaceuticals, oil and gas exploration, communications, computer processor and maritime, it said.


Among the government targets of the hacking campaign were the NASA Goddard Space Centre and Jet Propulsion Laboratory and the US Department of Energy’s Lawrence Berkeley National Laboratory, the indictment said.


The group also compromised more than 40 computers belonging to the US navy, and stole the personal information of more than 100,000 personnel.


More recently, beginning in or about 2014, APT10 engaged in an intrusion campaign to obtain unauthorised access to the computer networks of managed service providers (MSPs) for businesses and governments around the world.


Over the course of the “MSP Theft Campaign” the group accessed computers providing services to or belonging to victim companies in at least 12 countries, namely Brazil, Britain, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, and the United States.


According to the indictment, the victim companies were involved in the fields of global finance, telecommunications, consumer electronics, manufacturing, healthcare, biotechnology, mining, automotive supplies and drilling.


While the document did not identify specific companies, a Reuters report cited multiple sources as saying the hackers breached the networks of Hewlett Packard Enterprise and IBM, then used the access to hack into their clients’ computers and steal data.


“The list of victim companies reads like a who’s who of the global economy,” Wray said.

26 views0 comments

コメント


bottom of page