APT10 Stone Panda – Operation Cloud Hopper
On 3 April 2017, the UK National Cyber Security Centre (NCSC) briefed major UK businesses about a significant Chinese cyber-espionage threat group known as APT10, also tracked as Stone Panda.
- APT10 is running a campaign called ‘Cloud Hopper’ that actively targets Managed Service Providers (MSPs) in order to steal their clients’ data. NCSC has stated that UK MSPs are known to have been infiltrated, but it is not naming them.
- The Cloud Hopper campaign starts with malware-laden spear-phishing emails sent to staff at MSPs. Once executed, the malware installs a backdoor that gives the attacker remote access to the MSP’s back-end systems. From there the attackers move through the MSP network and identify the external connections to the MSP’s clients, which are the actual targets. Those trusted network channels are then used to steal data from the clients; the data is staged, packaged and exfiltrated back out through the MSP’s remote connection. These backdoors have remained undetected for months because the malware is tailored per victim and is not caught by signature-based anti-virus or routine security monitoring.
- PwC and BAE Systems have been assisting NCSC and have published a list of IP addresses and MD5 hashes of malware files associated with Cloud Hopper activity. These indicators can be used to detect existing compromise (sweep logs and hosts for matches) and to prevent further activity (block the IPs and hashes and alert on any new hits).
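As an added example (not part of the NCSC briefing or the PwC/BAE report), the following Python sweeps proxy logs for connections to listed IP addresses and hashes files on disk against listed MD5 values. The IOC values, log lines and files below are constructed placeholders (RFC 5737 test addresses, a made-up dropper) and are not real Cloud Hopper indicators; in practice you would load the published indicator list instead.

```python
"""Sweep proxy logs and local files against an IOC list of IPs and MD5 hashes.

Added example; the indicators below are constructed placeholders, not the
real Cloud Hopper IOCs published by PwC/BAE Systems.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed IOC list in the shape of an indicator feed: a set of
# command-and-control IPs and a set of MD5 hashes of malware files.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}        # RFC 5737 test addresses (placeholders)
DROPPER_BYTES = b"constructed-dropper-payload"      # stand-in for a malicious file
IOC_MD5 = {hashlib.md5(DROPPER_BYTES).hexdigest()}  # placeholder hash of that stand-in

# Constructed proxy log lines: timestamp, source host, destination IP, method, URL.
SAMPLE_PROXY_LOG = """\
2017-04-03T09:12:01Z msp-ws-014 198.51.100.23 GET http://198.51.100.23/update.php
2017-04-03T09:12:09Z msp-ws-014 93.184.216.34 GET http://example.com/
2017-04-03T09:13:45Z msp-jump-02 203.0.113.77 POST http://203.0.113.77/upload
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")


def find_ip_hits(log_text, ioc_ips=IOC_IPS):
    """Return one dict per log line whose destination IP is on the IOC list."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected log format
        ts, host, dst_ip, method, url = m.groups()
        if dst_ip in ioc_ips:
            hits.append({"time": ts, "host": host, "ip": dst_ip, "method": method, "url": url})
    return hits


def md5_of_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_hash_hits(root, ioc_md5=IOC_MD5):
    """Walk a directory tree and return (path, md5) for every file on the IOC list."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and md5_of_file(p) in ioc_md5:
            hits.append((str(p), md5_of_file(p)))
    return hits


def build_sample_dir():
    """Create a scratch directory with one benign file and one constructed 'dropper'."""
    root = Path(tempfile.mkdtemp(prefix="ioc-sweep-"))
    (root / "readme.txt").write_bytes(b"benign content")
    (root / "tools").mkdir()
    (root / "tools" / "svchost_update.exe").write_bytes(DROPPER_BYTES)
    return str(root)


if __name__ == "__main__":
    for hit in find_ip_hits(SAMPLE_PROXY_LOG):
        print("IP hit:", hit)
    for path, digest in find_hash_hits(build_sample_dir()):
        print("Hash hit:", path, digest)
```

Run the IP sweep against proxy, firewall and VPN logs covering the MSP-to-client links in particular, since that is the path the campaign abuses; a match on either indicator type should be treated as a starting point for incident response, not as the full scope of the compromise, because the malware is tailored per victim and the published hashes will not cover every sample.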