Showing posts with label APT10.

Tuesday, 25 June 2019

Chinese Aggressions

Chinese Hackers Conduct Mass-Scale Espionage Attack On Global Cellular Networks
By Zak Doffman

An Israeli-U.S. cybersecurity firm released a new report on Monday evening, claiming that Chinese hackers had compromised the systems of at least ten cellular carriers around the world to steal metadata related to specific users. 
None of the affected carriers or targeted individuals have been named.
Cybereason claimed that the sophistication and scale of the attack, which they have dubbed Operation Softcell, bear the hallmarks of a nation-state action and that the individual targets—military officials and dissidents—tie to China. 
All of which points to the Chinese government as the culprit. 
The affected carriers were in Europe, Africa, the Middle East and Asia. 
None were thought to be in the United States.
"The advanced, persistent attack targeting telecommunications providers," the company said, "has been active since at least 2017... The Chinese were attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more."
The attack was described in the report as a "game of cat and mouse between the Chinese and the defenders." 
As soon as the "compromise [of] critical assets, such as database servers, billing servers, and the active directory" was detected, "the Chinese stopped the attack" only to resume later.
The implications of China "infiltrating into the deepest segments of providers’ network, including some isolated from the internet," enabling hackers to "compromise critical assets and steal communications data of specific individuals in various countries" are extremely significant. 
It suggests almost open access for intelligence harvesting.
Cybereason also pointed out that "even though the attacks targeted specific individuals, any entity that possesses the power to take over the networks of telecommunications providers can potentially leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation."
According to the Wall Street Journal, "Cybereason Chief Executive Lior Div gave a weekend, in-person briefing about the hack to more than two dozen other global carriers. For the firms already affected, the response has been disbelief and anger, Mr. Div said. 'We never heard of this kind of mass-scale espionage ability to track any person across different countries'."
The nature of the data harvested in the attack is of real value to intelligence agencies, which analyze the metadata for patterns. 
Even if the call or messaging content is not retrieved, analysis of who talks to whom, and when, how often, for how long and from where, is a rich seam to be mined. 
In essence, every piece of metadata collected by the networks from registered smartphones was potentially vulnerable. 
And once the network's core security was compromised, the threat became almost internal in nature.
In the U.S. and U.K., when national intelligence agencies "hoover up" such data or campaign for additional collection legislation to enable them to do so, there is inevitably a privacy backlash. 
And this collection campaign has gone beyond anything a national agency would campaign for. 
The WSJ reported that "Operation Soft Cell gave Chinese hackers access to the carriers’ entire active directory, an exposure of hundreds of millions of users... [with] the hackers creating high-privileged accounts that allowed them to roam through the telecoms’ systems, appearing as if they were legitimate employees."
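The creation of high-privileged accounts that the WSJ describes is one of the few attacker steps on this page that leaves a clean trail on the victim's own domain controllers. The script below is an added example for defenders, not code from the article or from Cybereason; it assumes Windows Security audit events exported as JSON lines with the simplified field names shown (4720 = user account created; 4728, 4732 and 4756 = member added to a global, local or universal security group), and the log lines are constructed for the example. It correlates each account creation with any later addition of that account to a privileged group within a configurable window, which is the "new account immediately promoted" pattern rather than routine membership changes to long-standing accounts.

```python
"""Correlate new-account creation with fast promotion to a privileged group.

Added example (assumed event layout, constructed sample data). Event IDs are the
standard Windows Security audit IDs; the JSON field names are an assumption about
how the collector exports them.
"""
import json
from datetime import datetime, timedelta

# Groups whose membership effectively grants control of an Active Directory domain.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Windows Security event IDs for account creation and group membership additions.
ACCOUNT_CREATED = 4720
MEMBER_ADDED = {4728, 4732, 4756}

# Constructed sample export (not real telemetry): one account is created and added
# to Domain Admins within a minute; a second is created and later added only to
# Domain Users; a long-standing account is added to Domain Admins with no creation.
SAMPLE_LOG = """
{"time": "2019-03-04T02:11:05", "id": 4720, "subject": "CORP\\\\svc-backup", "target": "CORP\\\\jdoe2"}
{"time": "2019-03-04T02:11:40", "id": 4728, "subject": "CORP\\\\svc-backup", "member": "CORP\\\\jdoe2", "group": "Domain Admins"}
{"time": "2019-03-04T09:30:00", "id": 4720, "subject": "CORP\\\\hr-admin", "target": "CORP\\\\newhire"}
{"time": "2019-03-06T10:00:00", "id": 4728, "subject": "CORP\\\\it-admin", "member": "CORP\\\\newhire", "group": "Domain Users"}
{"time": "2019-03-05T14:00:00", "id": 4728, "subject": "CORP\\\\it-admin", "member": "CORP\\\\existing-admin", "group": "Domain Admins"}
"""


def parse_events(text):
    """Parse JSON-lines audit export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_fast_promotions(events, window=timedelta(hours=24)):
    """Return one alert per account that was created and then added to a
    privileged group within `window` of its creation."""
    created = {}  # account -> (creation time, account that created it)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["target"]] = (ts, ev["subject"])
        elif ev["id"] in MEMBER_ADDED and ev.get("group") in PRIVILEGED_GROUPS:
            member = ev["member"]
            if member not in created:
                continue  # promotion of a pre-existing account: not this pattern
            t_created, creator = created[member]
            delta = ts - t_created
            if delta <= window:
                alerts.append({
                    "account": member,
                    "group": ev["group"],
                    "created_by": creator,
                    "promoted_by": ev["subject"],
                    "seconds_after_creation": int(delta.total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_fast_promotions(parse_events(SAMPLE_LOG)):
        print(alert)
```

The window is deliberately generous; a legitimate onboarding rarely creates an account and grants it domain-wide administration on the same day, so the volume of alerts stays low while the pattern the article describes is caught even when the two events are minutes apart and performed by the same already-compromised service account.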
Cybereason pointed towards China's APT10—Advanced Persistent Threat 10—as the likely hackers behind this attack. 
The group is known for long-term, persistent threat campaigns, harvesting information as might an actual agency. 
And this campaign is thought to have been running for as long as seven years. 
Coincidentally, NASA, one of the previous targets of APT10, confirmed in recent days that it had also been hacked, a compromise which again bears nation-state hallmarks.
"Cybereason said it couldn't be ruled out that a non-Chinese actor mirrored the attacks to appear as if it were APT 10," reported the WSJ, "as part of a misdirection. But the servers, domains and internet-protocol addresses came from China, Hong Kong or Taiwan... All the indications are directed to China."
FireEye and Crowdstrike, the cybersecurity firms that have painted the most complete profile of APT10, told Wired that "they couldn't confirm Cybereason's findings, but that they have seen broad targeting of cellular providers, both for tracking individuals and for bypassing two-factor authentication, intercepting the SMS messages sent to phones as a one-time passcode."
Two hackers allegedly linked to APT10 were indicted on federal charges in the U.S. last year.
The fact that a Chinese state hacking outfit has targeted cellphone metadata will clearly be tied to the ongoing U.S. campaign against Chinese telecoms equipment manufacturers in general, and Huawei in particular. 
The argument will now run that this is exactly the kind of vulnerability that becomes exposed if the Chinese government uses its influence over domestic companies to pull intelligence from overseas.
"We’ve concluded with a high level of certainty," Cybereason claimed on issuing its report, "that the threat actor is affiliated with China and is state-sponsored. The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor operating on behalf of the Chinese Ministry of State Security."

Friday, 21 December 2018

Nation of Thieves

U. S. charges Chinese hackers in theft of vast trove of confidential data in 12 countries
By Ellen Nakashima and David J. Lynch

Prosecutors unsealed an indictment charging two Chinese with computer hacking attacks on a wide range of U.S. government agencies and corporations. 

The United States and four of its closest allies on Thursday blamed China for a 12-year campaign of cyberattacks that vacuumed up technology and trade secrets from corporate computers in 12 countries, affecting almost every major global industry.
The coordinated announcements in five capitals marked the Trump administration’s broadest anti-China initiative to date, yet it fell short of even stronger measures that officials had planned.
During debate, Treasury Secretary Steven Mnuchin blocked a proposal to impose financial sanctions on those implicated in the hacking, according to five sources familiar with the matter. 
Two administration officials said Mnuchin acted out of fear that sanctions would interfere with U.S.-China trade talks.
The centerpiece of Thursday’s synchronized accusations came in Washington, where the Justice Department unveiled indictments against two Chinese hackers, who it said acted “in association with” the Chinese Ministry of State Security (MSS).
Zhu Hua and Zhang Shilong, members of a hacking squad known as “Advanced Persistent Threat 10” or “Stone Panda,” were accused of conspiracy to commit computer intrusions, wire fraud and aggravated identity theft while pilfering “hundreds of gigabytes” of confidential business data, the indictment said.
“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there,” said FBI Director Christopher A. Wray.
U.S. allies echoed the Justice Department action, signaling a growing consensus that Beijing is flouting international norms in its bid to become the world’s predominant economic and technological power.
Xi Jinping's empty promises
In the capitals of the United Kingdom, Australia, Canada and New Zealand, ministers knocked China for violating a 2015 pledge — offered by Chinese dictator Xi Jinping in the White House’s Rose Garden and repeated at international gatherings such as the Group of 20 summit — to refrain from hacking for commercial gain.
“This campaign is one of the most significant and widespread cyber intrusions against the U.K. and allies uncovered to date, targeting trade secrets and economies around the world,” British Foreign Secretary Jeremy Hunt said in a statement.
Still, some administration allies were skeptical that Thursday’s announcement would alter China’s behavior.

Deputy Attorney General Rod J. Rosenstein announces on Thursday the indictments of two Chinese for hacking attacks. 

“Just as when the Obama administration did it, indicting a handful of Chinese agents out of the tens of thousands involved in economic espionage is necessary but not important,” said Derek Scissors, a China analyst at the American Enterprise Institute. 
“International denouncements may irritate Xi, but they place no real pressure on him.”
Scissors said it would be more effective for the United States to hit high-profile Chinese companies with financial sanctions, including potential bans on their ability to do business with American companies.
The five governments that joined in the statements about China are partners in the “Five Eyes” intelligence alliance, sharing some of their most closely guarded technical and human reporting.
The foreign ministries of Denmark, Sweden and Finland tweeted statements saying they shared the concerns over rampant cyberespionage against corporations.
The united front against Chinese hacking and economic espionage stands in contrast to the “America First” president’s preference for taking a unilateral course to many of his trade goals.
“This demonstrates there’s a strong well of international support the United States can tap... Countries are fed up,” said Ely Ratner, executive vice president of the Center for a New American Security.
The hackers named in the indictment presided over a state-backed campaign of cybertheft that targeted advanced technologies with commercial and military applications. 
They also hacked into companies called “managed service providers,” which act as gatekeepers to computer networks serving scores of corporate clients.
The Chinese targeted companies in the finance, telecommunications, consumer electronics and medical industries, along with U.S. government laboratories operated by the National Aeronautics and Space Administration and the military.
Along with the United States and the United Kingdom, countries targeted by China include Canada, France, Germany, Japan, Sweden and Switzerland.
“The list of victim companies reads like a who’s who of the global economy,” said Wray.
The Stone Panda team made off with personal information, including Social Security numbers belonging to more than 100,000 U.S. Navy personnel.
The hackers employed a technique known as “spear-phishing,” tricking computer users at the business and government offices into opening malware-infected emails giving them access to log-in and password details.
They worked out of an office in Tianjin, China, and engaged in hacking operations during working hours in China.
Geoffrey Berman, the U.S. attorney for the Southern District of New York, called the Chinese ­cyber-campaign “shocking and outrageous.”
Over the past seven years, more than 90 percent of cases alleging economic espionage involved China as did more than two-thirds of trade-secret theft prosecutions, according to Deputy Attorney General Rod J. Rosenstein.
The industries targeted in the Stone Panda hacks are featured in the Chinese government’s Made in China 2025 program, which aims to supplant the United States as the global leader in 10 advanced technologies including artificial intelligence, robotics and quantum computing, Rosenstein added.
In November, in one of his last official actions, then-Attorney General Jeff Sessions announced a major initiative to combat Chinese commercial spying, building on four years of prosecutorial effort. The department vowed to aggressively pursue trade-secret theft cases and identify researchers and defense industry employees who have been “co-opted” by Chinese agents seeking to transfer technology to China.
While the show of anti-China unity was notable, the administration pulled back from plans for tougher action after warnings from the treasury secretary.
Mnuchin’s 11th-hour intervention left administration officials fearing Beijing would view the limited actions as a sign that Trump lacks the stomach for an all-out confrontation.
“We don’t comment on sanctions actions or deliberations, but it’s important to note that these issues are completely separate from trade,” said a Treasury Department spokesman asked to comment on the reports.
The administration’s action entailed statements from four Cabinet agencies — Justice, State, Energy and Homeland Security — while Treasury remained on the sidelines.
The condemnations also pose a complication as Trump and Xi seek to negotiate a trade deal. 
Over dinner in Buenos Aires earlier this month, the two leaders agreed to a truce in their months-long tariff war.
Talks between U.S. and Chinese diplomats are expected to begin early next month.
The Trump administration is seeking a deal that would involve structural changes to China’s state-led economic model, greater Chinese purchases of American farm and industrial products and a halt to what the United States says are coercive joint-venture licensing terms.
The indictments were followed by a joint statement from Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen that assailed China for violating Xi’s landmark 2015 pledge to refrain from hacking U.S. trade secrets and intellectual property to benefit Chinese companies.
“These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe,” they said.
Thursday’s push to confront China over its cyber-aggression comes at a fraught time, as Canada has arrested a Chinese telecommunications executive at the United States’ request on a charge related to violating sanctions against Iran.

Tuesday, 20 November 2018

Born to Spy

China uses the cloud to step up spying on Australian business
By Nick McKenzie, Angus Grigg & Chris Uhlmann

China’s peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Li Keqiang and former Prime Minister Malcolm Turnbull to not steal each other’s commercial secrets.
A Fairfax Media/Nine News investigation has confirmed that China’s Ministry of State Security is responsible for what is known in cyber circles as “Operation Cloud Hopper”, a wave of attacks detected by Australia and its partners in the Five Eyes intelligence sharing alliance.

China's Ministry of State Security is overseeing a massive hacking operation of large Australian businesses. 

A senior Australian Government source described China’s activity as “a constant, significant effort to steal our intellectual property”.
The cyber theft places intense pressure on the Morrison government to respond either via law enforcement, diplomatic channels or public advocacy, in order to uphold the cyber security pact signed between the two countries only last year.
The US Department of Justice has ramped up its investigation and prosecution of Chinese cyber hackers this year, and over the weekend US Vice President Mike Pence again accused China of “intellectual property theft” as part of an escalating trade and strategic battle with Beijing.
The Australian Federal Police and Australian Security Intelligence Organisation have stepped up their cooperation to respond to the threat, according to a senior police source, although they are many months behind the US operation.
Without enforcement, there was no effective deterrence, said one national security source.
Other sources said the Australian Signals Directorate has detected attacks against several Western businesses, although the names of the affected firms have not been made public. 
The ASD works with the other Five Eyes countries – the US, Canada, UK and New Zealand – on cyber security issues.
A spokesman for the federal government said Australia condemns the cyber enabled theft of intellectual property for commercial gain from any country.
"The Coalition Government has been active in strengthening Australia’s capability to detect and respond to cyber enabled threats and is committed to ensuring businesses and the Australian community are resilient to cyber-attacks," the spokesman said.
One major irritation, raised by several police and intelligence officials, was that Australian companies and universities failed to heed repeated warnings to harden their security against both criminals and attacks directed by nation states.
These state actors are called advanced persistent threats because they work over months or years, adapt to defences and often strike the same victim multiple times. 
One of the most active Chinese adversaries has been dubbed “APT10”, while “Cloud Hopper” refers to the technique used by this group as they “hop” from cloud storage services into a company’s IT system.
In this case the Chinese penetrated poorly secured IT service providers, to which Australian firms had outsourced their IT. 
The targets include cloud storage companies and helpdesk firms in North America and Asia. 
The initial penetration by the Cloud Hopper team allowed the hackers to enter the IT systems of Australian companies.
Adrian Nish, BAE Systems’ Head of Threat Intelligence, said the APT10/Cloud Hopper attacks had focussed on the mining, engineering and professional service companies.
“It is still active. We have evidence of [Cloud Hopper] again actively compromising managed service providers,” he said.
The theft of intellectual property is part of China’s broader industrial policy to match the US’s technological edge by 2025. 
The theft can shorten the research and development process and give Chinese companies a crucial market edge. 
They can also acquire sensitive information around pricing and corporate activity.
A national security official said the Turnbull-Li agreement had initially led to a significant reduction in cyber espionage from China. 
The US experienced a comparable drop-off in attacks after former President Barack Obama struck a similar agreement with Chinese dictator Xi Jinping in 2015.
A former senior Government official familiar with the cyber security agreement said: “The way these things usually go with the Chinese is they behave themselves for a while before they go back to being bad”.

Chinese empty promises -- "Australia and China agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of obtaining competitive advantage," the Prime Minister's office said in a brief statement.

The attacks on Australian firms since the start of this year, including Cloud Hopper activity, showed the bilateral agreement was being ignored.
Security officials and cyber experts, including Mike Sentonas a vice president at US firm CrowdStrike, have linked the Cloud Hopper hackers to the Ministry of State Security.
“We noticed a significant increase in attacks in the first six months of this year. The activity is mainly from China and it's targeting all sectors,” he said.
“There’s no doubt the gloves are off.”
Dr Nish from BAE, who has published the most comprehensive report on Cloud Hopper, said he discovered that attacks on multiple clients appeared to be part of the same campaign of “espionage activity”.
“It was clear it was a much bigger campaign,” Dr Nish said.
BAE referred it to the UK’s National Cyber Security Centre, who referred it to their Australian counterparts at ASD. 
While Dr Nish declined to confirm the Cloud Hopper attack was directed by Chinese intelligence services, he said there was “no reason to doubt” those who claimed it was.
He said that while outsourcing IT functions was a sensible business decision, Australian firms needed to ask “tough questions” of managed service providers. 
Some providers offered cheaper IT services because they scrimped on their own security, effectively allowing a backdoor into their clients' IT systems.
In October, the US Department of Justice provided a case study on Chinese hacking within a 21-page indictment naming the MSS and accusing the MSS and its provincial counterparts of hacking an Australian domain name provider in order to access computer systems at aviation companies in the United States and Europe.
Under direction from the MSS, the hackers are accused of either creating fake domain names or redirecting existing domain names to malicious addresses.
The MSS is headquartered in Beijing but has extensive provincial operations and is regarded by western intelligence services as a sophisticated outfit able to combine human intelligence with the advanced cyber capabilities.
Previously, Unit 61398 of the People’s Liberation Army was viewed as the main vehicle for China’s efforts to steal commercial secrets after being named by cyber security firm Mandiant in 2014.
But since a reorganisation of China’s armed forces in 2015, the PLA cyber units are believed to have refocused on military and political intelligence, leaving commercial espionage to the MSS.

Monday, 23 April 2018

China Cyberspies Mined Japan Firms for North Korea Secrets

  • Lure related to defense industry suggests possible motive
  • Hackers left text in malware mocking security researchers
By David Tweed

Chinese hackers have targeted Japanese defense companies, possibly to get information on Tokyo’s policy toward resolving the North Korean nuclear impasse, according to cybersecurity firm FireEye Inc.
The attacks are suspected to come from a group known as APT10, a Chinese espionage group that FireEye has been tracking since 2009. 
One of the lures used in a “spear-phishing” email attack was a defense lecture given by the former head of UNESCO, Koichiro Matsuura.
Two attacks took place between September and October 2017.
“Lure content related to the defense industry suggests that a possible motive behind the intrusion attempt is gaining insider information on policy prescription to resolve the North Korean nuclear issue,” said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye.
China’s Ministry of Foreign Affairs didn’t respond to a faxed request for comment Friday. 
The suspected attacks coincided with a dramatic escalation in tensions over North Korea’s nuclear weapons program as Kim Jong Un tested a hydrogen bomb and U.S. President Donald Trump threatened to “totally destroy” the country. 
The U.S. and Japan have been coordinating their diplomatic and military pressure campaigns against the country, and neighboring China is anxious to avoid a clash on its border.
Tensions have eased since the two Koreas started talking ahead of the Winter Olympics and Trump granted an unprecedented meeting with the North Korean leader. 
Earlier this month, the foreign ministers of China and Japan agreed to work closely to push the regime to surrender its nuclear weapons program, although Japanese officials continue to express skepticism about Kim’s willingness to make a deal.

Multiple Attacks
The latest cyberattacks mirror other recent hacks with geopolitical overtones investigated by FireEye. Among the most recent was a wave of incursions on mainly U.S. engineering and defense companies linked to the South China Sea, where China’s claims to more than 80 percent of the water clash with those of five other nations. 
In 2016, the website of Taiwan’s Democratic Progressive Party was attacked months after the party won elections, securing its leader Tsai Ing-wen the presidency.
“We believe APT10 is primarily tasked with collecting critical information in response to shifts in regional geopolitics and frequently targets organizations with long research and development cycles,” Boland said, citing firms in construction and engineering, aerospace and military, telecommunications and high-tech industries.
In an unusual development, the hackers inserted lines of text in the malware associated with the Japanese attacks mocking the security researchers. 
Such gems included, “I’m here waiting for u,” “POWERED BY APT632185, NORTH KOREA,” and “According to the analysis report, some Japanese analysts have always been portrayed as a bit of joke.”
Also under attack since November 2017 have been Japanese healthcare companies. 
“China’s new push on pharmaceutical innovation as a national priority, along with rising cancer rates, will likely drive future espionage operations against the healthcare industry,” Boland said.
Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. 
The U.S. issued indictments against five military officials who were purported to be members of that group.

Monday, 24 April 2017

Chinese Aggressions

China Hacked South Korea Over Missile Defense
By Jonathan Cheng in Seoul and Josh Chin in Beijing

This 2015 handout photo from the U.S. Department of Defense shows a Terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. 
Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, despite Beijing’s denial of retaliation against Seoul over the issue.
In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.
The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.
While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.
China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. 
The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.
One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. 
FireEye believes the other, known as APT10, is linked to other Chinese military or intelligence units.
China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” 
China has said it is itself a major hacking victim but has declined to offer specifics.
The two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. 
Mr. Hultquist declined to offer more specific details.

HACK ATTACKS
Recent cyberattacks attributed to Chinese state-backed groups.
  • Since February: Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March: Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016: Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015: Hackers penetrated a network of the U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012: South Korean targets, including government, media, military and think tanks, were targeted with spear-phishing attacks.
  • *Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.
  • **A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network.
  • Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an operational security error by one of the groups provided FireEye’s analysts with new information about the group’s origins.
South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripple a website—that originated in China.
A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.
The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether it thought the attacks were related to Thaad.
Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.
The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. 
The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.
The two hacking groups with ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.
South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.
Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. 
She declined to comment on its source.
China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. 
The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.
The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.
The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.
FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. 
Trend Micro declined to comment.
Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. 
One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.
Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”