Formation | c. 2003–2005[1] |
---|---|
Type | Advanced persistent threat |
Purpose | Cyberespionage, cyberwarfare |
Region | China |
Methods | Zero-days, Phishing, backdoor (computing), RAT, Keylogging |
Official language | Chinese |
Parent organization | Tianjin State Security Bureau of the Ministry of State Security |
Formerly called | APT10 Stone Panda MenuPass RedLeaves CVNX POTASSIUM |
Red Apollo (also known as APT 10 by Mandiant, MenuPass by Fireeye, Stone Panda by Crowdstrike, and POTASSIUM by Microsoft)[1][2] is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security.[3]
The team was designated an advanced persistent threat by Fireeye, who reported that they target aerospace, engineering, and telecom firms and any government that they believe is a rival of China.
Fireeye stated that they could be targeting intellectual property from educational institutions such as a Japanese university and is likely to expand operations into the education sector in the jurisdictions of nations that are allied with the United States.[4] Fireeye claimed that they were tracked since 2009, however because of the low-threat nature they had posed, they were not a priority. Fireeye now describes the group as "a threat to organizations worldwide."[4]