menuPass

Also known as: APT10, BRONZE RIVERSIDE, Cicada, CVNX, HOGFISH, menuPass, POTASSIUM, Red Apollo, Stone Panda, STONE PANDA, Menupass Team, happyyongzi, Cloud Hopper, ATK41, G0045, Granite Taurus, TA429, Purple Typhoon

menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company. [2][3]

menuPass has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university. [4][5][6][7][8][2][3]

🌍 Country China
🎯 Incident Type Espionage
🧭 ATT&CK G0045
Targeted Sectors: Private sector, Government

Activities and Tactics

Targeted Sectors: Private sector, Government

Country of Origin: 🇨🇳 China

Incident Type: Espionage

Suspected Victims: Japan, India, South Africa, South Korea, Sweden, United States, Canada, Australia, France, Finland…

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • SPACESHIP
  • CloudDuke
  • PoisonIvy
  • CyberGate
  • Cyber Eye RAT

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK entry (G0045)
[2] DOJ APT10 Dec 2018
[3] District Court of NY APT10 Indictment December 2018
[4] Palo Alto menuPass Feb 2017
[5] Crowdstrike CrowdCast Oct 2013
[6] FireEye Poison Ivy
[7] PWC Cloud Hopper April 2017
[8] FireEye APT10 April 2017