APT10

APT10 is a Chinese group that has been around since early 2009. Their primary mission seems to be targeting defense contractors around the world. Some other names they go by are Potassium and Red Apollo.

 

Cyber espionage is no easy feat, so this actor is categorized as expert-level. APT10 has an arsenal of skills at its disposal, including creating and maintaining malicious tools containing malware.

Tactics

As is typical of cyber espionage at a global level, APT10 is very capable of gathering a great deal of network information through reconnaissance. Once inside, they are very quiet in their lateral movement and in sending data out of the network.

Techniques

Some techniques used for recon and initial compromise include advanced spear phishing from a spoofed known email domain and fake video game advertising emails.

Tools

Popular tools used by APT10 include the Haymaker backdoor, Scanbox, and the Bug Juice backdoor.

Targets

The main targets for APT10 are government entities, defense contractors, healthcare, and U.S. lobby groups, as well as agencies or groups in major countries, with the US, France and Germany being among the largest.