FireEye has revealed that Chinese cyber espionage group APT10 – a Chinese Cyber-Espionage group also known as MenuPass – had targeted attacks on a Japanese government agency, manufacturer, and a company in the media and entertainment industry in early 2017.
The group which has been active since at least 2009.
APT10 has been developing a worldwide cyber-attack campaign to boost China’s national security objectives, including important military intelligence information and the theft of sensitive information to support Chinese companies. In early 2017, APT10 conducted an attack campaign aimed at domestic companies and organisations. Backdoor malware was detected, such as HAYMAKER and BUGJUICE, which FireEye analysts believe to be specific to APT10. In addition, it is presumed that the same sponsoring organisation continues to support APT10 because the target setting method is well matched with the past technique.
In the early 2017 attacks, a spear-phishing attack using social engineering induces recipients to open malicious files. This approach is consistent with the group’s attack technique, which was performed in the past by Japan researchers and Nordic industrial equipment manufacturers.
Attacks include:
- APT10 sent an email related to an annual budget lure for scientific research to a Japanese government agency to deliver HAYMAKER malware in Janauary 2017.
- APT10 targeted a Japanese manufacturer with an email lure related to China’s defense strategy and news events such as the assassination of Kim Jong-Nam.
- APT10 targeted a Japanese company in the media and entertainment industry.
- APT10 has been successful in implementing intrusions into private and public sector systems, and is expected to continue attacks by introducing new tactics and techniques. FireEye observed a decline in attacks on American firms by China-based groups since the agreement at the U.S.-China summit in 2015. On the other hand, there has been an increase in the number of attacks on China and the country bordering on border and territorial waters, prompting attention to further activation of advanced threat activities in the Asia-Pacific region.
John Watters, Executive Vice President of Global Services and Intelligence at FireEye said, “Cyber espionage activity continues to escalate globally. In particular, efforts against Japan have intensified in recent years. This increased activity is fueled in part by China’s diminished targeting of the West and the reallocation of those resources against Japan and other regional targets. Japanese organizations should adopt an intelligence-led security platform so they can better understand the threat environment in which they operate in order to effectively counter it.”
For more information on APT10, please see the release released in April by FireEye. It also explains the new attack method through the service provider: https://www.fireeye.jp/company/press-releases/2017/APT10-menupass-group.html
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 5,800 customers across 67 countries, including more than 40 percent of the Forbes Global 2000.
