The Chinese government-linked hacking group APT10 is continuing its campaign against US and European businesses with increasingly sophisticated tactics and strategies, warn officials from the Department of Homeland Security.
The group is thought to be responsible for recent cyber-espionage campaigns against a U.S. law firm, an international apparel company, and Visma, a major Norwegian software firm according to a report from security firms Recorded Future and Rapid7.
“In all three incidents, the attackers gained access to networks through deployments of Citrix and LogMeIn remote-access software using stolen user credentials. The attackers then enumerated access and conducted privilege escalation on the victim networks, utilizing DLL sideloading techniques documented in a US-CERT alert on APT10 to deliver malware,” stated the report.
APT10 has historically utilized supply chain attacks in order to steal intellectual property and industrial secrets from U.S and European-based technology firms, such as the cyberattack on Airbus earlier this year. The primary targets of their data theft has closely aligned with the Chinese government’s stated 2025 priorities to gain dominance in emerging technologies including satellites, aviation, and telecommunications.
The hacking group’s increasingly sophisticated methods has U.S. government officials worried.
“Their strategies have shifted from labor-intensive, one-off compromises of individual targets to the use of the force-multiplier effects that enable them to compromise multiple targets through a single attack,” said DHS cyber official Rex Booth.
APT10’s hacking campaign comes during a prolonged period of tension between the United States and China and a recent indictment of two of its members.
