FireEye has detected APT10 activity across six continents in 2016 and 2017. APT10 has targeted or compromised manufacturing companies in India, Japan and Northern Europe; a mining company in South America; and multiple IT service providers worldwide.
APT10 is a Chinese cyber espionage group that FireEye has tracked since 2009. They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan.
This recent APT10 activity has included both traditional spear phishing and access to victims’ networks through service providers. Service providers have significant access to customer networks, enabling an attacker who has compromised a service provider to move laterally into the network of the service provider’s customer. In addition, web traffic between a service provider’s customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.
“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organizations. Campaigns like this highlight risks which all organizations should factor into their operations,” said Kaushal Dalal, Managing Director for India at FireEye.