APT10 is an Advanced Persistent Threat (APT), a criminal group that has been responsible for numerous digital crimes. APTs like APT10 carry out prolonged attacks on specific targets and are often backed by governments or large resources. The purpose of APT10's attacks appears to be espionage: obtaining privileged information from the targeted individuals and institutions. It is very likely that APT10 is linked to the Chinese government, and the group has been responsible for numerous attacks on various perceived adversaries of that government.
APT10 Has Been Active Since 2009
PC security researchers have been observing APT10 for a while, which has allowed them to gather information about how APT10 operates and whom it targets. APT10 goes by numerous names, but it is currently known by this numbering designation, as agreed upon by various security researchers. APT10 was first observed in 2009, carrying out attacks linked to the Chinese government, and published research has often associated the group with the Chinese Ministry of State Security (MSS). Its attacks commonly target people involved in trade negotiations; research and development staff at companies competing with Chinese economic interests; and politicians and diplomats of rival nation-states. One high-profile attack associated with APT10 targeted the National Foreign Trade Council, a trade lobby group located in the United States.
Tools and Malware Commonly Deployed in APT10 Attacks
APT10 uses a variety of malware threats and tools in its attacks. The criminals associated with APT10 often use Scanbox, a malware threat that has been observed against targets in the industrial sector as well as political dissidents in China. Malware analysts have also associated various RATs (Remote Access Tools) and Trojans with APT10, including threats like Sogu, PlugX and PoisonIvy. These threats were first developed by Chinese-sponsored criminal groups but have since been sold and distributed to other criminal groups around the world. Because of this, while APT10 will often use these malware tools, their presence alone does not mean that APT10 or an affiliated group is necessarily behind an attack.
Common Targets of APT10 and Similar Criminal Organizations
Individual computer users are unlikely to become targets of APT10 unless they are linked to common targets of the Chinese government. PC security analysts have associated APT10 attacks with construction firms, engineering companies, companies in the aerospace sector, telecommunications firms and government institutions. APT10 attacks require significant resources to carry out, so it is unlikely that the group would attack outside these sectors unless there were some potential reward for the Chinese government. APT10 has gradually shifted its resources toward attacking Managed Service Providers (MSPs) rather than the primary targets themselves, in an attempt to obtain sensitive data from a third party that may be more vulnerable than the high-profile targets.
Establishing Protections against APT10 Attacks
APT10 attacks, despite their resources, do not differ all that much from other malware attacks, and the same protections that apply to most malware attacks apply to APT10. Examples include having strong security software, ensuring that all software and hardware are properly protected, and educating employees about online hygiene. This last point is especially crucial, since the vast majority of APT10 and other malware attacks leverage social interactions to trick inexperienced computer users into interacting with threatening software or other potentially unsafe means of delivering code to victims.