APT | PRC State-Sponsored (MSS / Tianjin Bureau) | Active since 2006

APT10

Cloud Hopper campaign targeting MSPs. Long-running espionage operations.


| Attribute | Detail |
|---|---|
| Names | APT10 / Stone Panda / MenuPass |
| Attribution | PRC State-Sponsored (MSS / Tianjin Bureau) |
| Active Since | 2006 |
| Primary Focus | Cloud Hopper campaign targeting MSPs. Long-running espionage operations. |

Overview

APT10 is a PRC state-sponsored group operating on behalf of the Ministry of State Security Tianjin Bureau. The group is best known for Operation Cloud Hopper — a systematic campaign targeting managed service providers to gain access to their clients' networks. Two members were indicted by the US DOJ in 2018.

Attribution

APT10, also tracked as Stone Panda and MenuPass, is a PRC state-sponsored group attributed to the Ministry of State Security (MSS) Tianjin Bureau and active since at least 2006. Its primary focus is the Cloud Hopper campaign targeting MSPs and long-running espionage operations.

Notable Campaigns

MITRE ATT&CK Mapping

| Technique ID | Technique | Confidence |
|---|---|---|
| T1199 | Trusted Relationship | High |
| T1078 | Valid Accounts | High |
| T1071 | Application Layer Protocol | High |
| T1048 | Exfiltration Over Alternative Protocol | High |
| T1059 | Command and Scripting Interpreter | High |

Detection & Defense

Recommended Defenses

Monitor for the TTPs listed above using your SIEM and EDR platforms. Prioritize patching of internet-facing applications and enforce MFA on all remote access. Mjolnir Security provides continuous threat hunting and monitoring for APT10 activity patterns.

Mjolnir Security — Threat Intelligence & Response

Mjolnir Security provides 24/7 threat monitoring, incident response, and threat intelligence services. Contact us for threat hunting specifically targeting APT10 TTPs in your environment.


mjolnirsecurity.com — 24/7 Incident Response Hotline: +1 833 403 5875