Mitre
Alias
Stone Panda, APT10, menuPass Team, menuPass, Red Apollo, CVNX, POTASSIUM, HOGFISH, HappyYongzi, Cicada, BRONZE RIVERSIDE, CTG-5938, ATK41, TA429, ITG01
Country
China
Sponsor
State-sponsored, Tianjin Bureau of the Chinese Ministry of State Security, Huaying Haitai
Motivation
Information Theft And Espionage
First Seen
2006
Description
menuPass is a threat group that appears to originate from China and has been active since approximately 2009. The group has targeted healthcare, defense, aerospace, and government sectors, and has targeted Japanese victims since at least 2014. In 2016 and 2017, the group targeted managed IT service providers, manufacturing and mining companies, and a university.
Also see {{Operation LiberalFace, MirrorFace}} and {{Twisted Panda}}.
Targeted Industries
Aerospace, Defense, Energy, Financial, Government, Healthcare, High-tech, IT, Media, NGOs, Pharmaceutical, Telecommunications, MSPs
Targeted Countries
Australia, Belgium, Brazil, Canada, China, Finland, France, Germany, Hong Kong, India, Israel, Italy, Japan, Montenegro, Netherlands, Norway, Philippines, Singapore, South Africa, South Korea, Sweden, Switzerland, Taiwan, Thailand, Turkey, UAE, UK, USA, Vietnam
Tools
ANEL
BloodHound
certutil
ChChes
China Chopper
Cobalt Strike
Derusbi
DILLJUICE
DILLWEED
Ecipekac
Emdivi
EvilGrab RAT
Gh0st RAT
HTran
Impacket
Invoke-TheHash
LODEINFO
Mimikatz
MIS-Type
NBTscan
P8RAT
PlugX
Poison Ivy
POLDAT
PowerSploit
PowerView
PsExec
PsList
PwDump
Quarks PwDump
QuasarRAT
RedLeaves
Rubeus
SharpSploit
SodaMaster
SNUGRIDE
Trochilus RAT
WinRAR
wmiexec
Living off the land
TTP
Nil
Operations Performed
[2016-09] Spear-phishing attack (method: the attackers spoofed several sender email addresses to send spear-phishing emails, most notably public addresses associated with the Sasakawa Peace Foundation and the White House; target: Japanese academics working in several areas of science, along with Japanese pharmaceutical organizations and a US-based subsidiary of a Japanese manufacturing organization.) (https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/)
[2016] Operation "Cloud Hopper" (The campaign, which we refer to as Operation Cloud Hopper, has targeted managed IT service providers (MSPs), allowing APT10 unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally. A number of Japanese organizations have also been directly targeted in a separate, simultaneous campaign by the same actor.) (https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf) (https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/) (https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061)
[2016/2017] Leveraging its global footprint, FireEye has detected APT10 activity across six continents in 2016 and 2017. APT10 has targeted or compromised manufacturing companies in India, Japan and Northern Europe; a mining company in South America; and multiple IT service providers worldwide. We believe these companies are a mix of final targets and organizations that could provide a foothold in a final target. (https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html)
[2017-02] Operation "TradeSecret" (The National Foreign Trade Council (NFTC) website was allegedly infiltrated by Chinese nation-state threat actors, according to a new report from Fidelis Cybersecurity. The attack against the NFTC site has been dubbed "Operation TradeSecret" by Fidelis and is seen as an attempt to gain insight into individuals closely associated with U.S. trade policy activities.) (https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret)
[2017] Operation "ChessMaster" (Take for instance the self-named ChessMaster, a campaign targeting Japanese academe, technology enterprises, media outfits, managed service providers, and government agencies. It employs various poisoned pawns in the form of malware-laden spear-phishing emails containing decoy documents.) (https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/)
[2017] Operation "Soft Cell" (Earlier this year, Cybereason identified an advanced, persistent attack targeting telecommunications providers that has been underway for years, soon after deploying into the environment. The threat actor was attempting to steal all data stored in the Active Directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.) (https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers)
[2017-11] Targeted Norwegian MSP and US companies in sustained campaign (A sustained cyberespionage campaign targeting at least three companies in the United States and Europe was uncovered by Recorded Future and Rapid7 between November 2017 and September 2018.) (https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf)
[2018] Operation "New Battle" (This report provides a technical overview of the bespoke RedLeaves implants leveraged by the actor in their "New Battle" campaign.) (https://www.accenture.com/t20180423t055005z_w_/se-en/_acnmedia/pdf-76/accenture-hogfish-threat-analysis.pdf) (https://www.us-cert.gov/sites/default/files/publications/ir-alert-med-17-093-01c-intrusions_affecting_multiple_victims_across_multiple_sectors.pdf)
[2018-07] Attack on the Japanese media sector (In July 2018, FireEye devices detected and blocked what appears to be APT10 (menuPass) activity targeting the Japanese media sector.) (https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html)
[2019-01] Breach of Airbus (https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680)
[2019-03] Operation "A41APT" (https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/) (https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage)
[2019-04] In April 2019, enSilo detected what it believes to be new activity by Chinese cyber espionage group APT10. The variants discovered by enSilo are previously unknown and deploy malware that is unique to the threat actor. (https://blog.ensilo.com/uncovering-new-activity-by-apt10)
[2019-10] Japan-linked organizations targeted in long-running and sophisticated attack campaign (https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage)
[2021-02] Chinese hackers target Indian vaccine makers SII, Bharat Biotech, says security firm (https://www.cnbctv18.com/healthcare/chinese-hackers-target-indian-vaccine-makers-sii-bharat-biotech-says-security-firm-8461981.htm)
[2021-11] Operation "Cache Panda" (A hacking group affiliated with the Chinese government is believed to have carried out a months-long attack against Taiwan's financial sector by leveraging a vulnerability in a security software solution used by roughly 80% of all local financial organizations.) (https://therecord.media/chinese-hackers-linked-to-months-long-attack-on-taiwanese-financial-sector/)
[2022-02] Cicada: Chinese APT group widens targeting in recent espionage activity (https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks)
Counter Operations
[2018-12] Chinese hackers indicted (https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018) (https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers)
[2020-07] EU imposes the first ever sanctions against cyber-attacks (https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/)
Information
https://intrusiontruth.wordpress.com/2018/08/15/apt10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/
https://www.carbonblack.com/2019/02/25/defeating-compiler-level-obfuscations-used-in-apt10-malware/
https://adeo.com.tr/wp-content/uploads/2020/02/APT10_v1.2_public.pdf
https://exchange.xforce.ibmcloud.com/threat-group/706490628c8aa20a8a3a6e5ec81ca49b
https://en.wikipedia.org/wiki/Red_Apollo