The United States Department of Homeland Security (DHS) this week issued an alert on ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs).
The activity, DHS says, involves attempts to infiltrate the networks of global MSPs, which provide remote management of customer IT and end-user systems.
The use of MSPs increases an organization’s virtual enterprise infrastructure footprint, but also creates a large attack surface for cyber criminals and nation-state actors, DHS’ United States Computer Emergency Readiness Team (US-CERT) points out.
The newly released alert, TA18-276B, is related to activity that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) warned about in April 2017.
Security firms have associated the same activity with a Chinese actor referred to as APT10, which is also known as menuPass and Stone Panda. The group is believed to be state-sponsored.
Tracked since 2009, the group has historically targeted mainly Japanese entities. Last year, the group was observed targeting entities in at least fourteen countries, including the website of a prominent U.S. trade association.
The threat actor is known for the use of a broad range of malware families, including the PlugX RAT, ChChes, Quasar, RedLeaves, the UPPERCUT backdoor, NetTraveler (aka TravNet), and ZeroT.
“Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing,” DHS’ new alert reads.
DHS’ new technical alert also includes information on the protective measures organizations should take to mitigate the risks associated with their MSPs, which could expose them to APT activity.
These include restricting access to networks and systems, using a dedicated Virtual Private Network (VPN) for the MSP connection, using firewalls, implementing best practices for password and permission management, and incorporating operational controls.
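One way to turn two of those measures (a dedicated VPN for the MSP connection, and restricted access for MSP accounts) into a routine check is to audit logon records for MSP accounts that arrive from outside the dedicated VPN pool or touch hosts outside the MSP’s scope. The script below is an added example written for this article, not code from the DHS alert or from any MSP product; the VPN range, account names, host names and log lines are all constructed placeholders.

```python
import ipaddress

# Constructed policy (hypothetical values, not from the DHS alert):
# MSP technician accounts may only log on from the dedicated MSP VPN pool,
# and only to the hosts the MSP actually manages.
MSP_VPN_POOL = ipaddress.ip_network("10.250.0.0/24")
MSP_ACCOUNTS = {"msp-tech1", "msp-tech2"}
MSP_ALLOWED_HOSTS = {"rmm-srv01", "patch-srv01"}

# Constructed sample logon records in a simple "timestamp key=value ..." format.
# Failed attempts are kept on purpose: an MSP account failing to log on to a
# domain controller from an unexpected address is worth a look.
SAMPLE_LOGONS = [
    "2018-10-03T09:12:44Z src=10.250.0.17 user=msp-tech1 host=rmm-srv01 result=success",
    "2018-10-03T09:15:02Z src=203.0.113.45 user=msp-tech2 host=rmm-srv01 result=success",
    "2018-10-03T09:20:11Z src=10.20.5.9 user=alice host=fileserver result=success",
    "2018-10-03T11:02:30Z src=198.51.100.7 user=msp-tech1 host=dc01 result=failure",
]


def parse_logon(line):
    """Parse one 'ts key=value ...' record into a dict (the 'ts' key holds the timestamp)."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    return rec


def check_logon(rec, vpn_pool=MSP_VPN_POOL, msp_accounts=MSP_ACCOUNTS,
                allowed_hosts=MSP_ALLOWED_HOSTS):
    """Return the policy rules this logon breaks; empty for non-MSP users and compliant logons."""
    reasons = []
    if rec["user"] not in msp_accounts:
        return reasons
    # Dedicated VPN rule: the source must fall inside the MSP VPN pool.
    if ipaddress.ip_address(rec["src"]) not in vpn_pool:
        reasons.append("outside_dedicated_vpn")
    # Restricted access rule: MSP accounts stay on the hosts they manage.
    if rec["host"] not in allowed_hosts:
        reasons.append("host_not_in_msp_scope")
    return reasons


def find_violations(lines):
    """Return (record, reasons) pairs for every MSP logon that breaks policy."""
    violations = []
    for line in lines:
        rec = parse_logon(line)
        reasons = check_logon(rec)
        if reasons:
            violations.append((rec, reasons))
    return violations


if __name__ == "__main__":
    for rec, reasons in find_violations(SAMPLE_LOGONS):
        print(rec["ts"], rec["user"], rec["src"], "->", rec["host"], ",".join(reasons))
```

Run against the constructed sample, the script flags the logon from 203.0.113.45 (outside the VPN pool) and the attempt against dc01 from 198.51.100.7 (outside the pool and outside the MSP’s host scope), while the technician logon from inside the pool and the ordinary user logon pass. In practice the policy values would come from the firewall and VPN configuration, and the records from the authentication logs of the systems the MSP is allowed to reach.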
Related: China-linked APT10 Hackers Update Attack Techniques
Related: Operation Cloud Hopper: China-based Hackers Target Managed Service Providers