WASHINGTON, D.C. – The U.S. Government is announcing that a group of Chinese cyber actors, known publicly as APT 10, is carrying out a campaign of cyber-enabled theft targeting global managed service providers, cloud service providers, and their clients.  APT 10 is operating on behalf of the Chinese Ministry of State Security. Over the past four years APT 10 compromised and gained extensive access to multiple U.S. and global managed service and cloud providers.  They infiltrated these providers’ clients, including global companies located in at least 12 countries. The U.S. Government is taking steps to mitigate the impacts of this activity and hold the Chinese government accountable for these unacceptable actions.

“As the Secretary for the Sector Specific Agency for cybersecurity in the energy sector, I have no higher priority than protecting our nation’s energy infrastructure against the threat of cyberattacks,” said Secretary of Energy Rick Perry. “Malicious actors are conducting sophisticated attacks to threaten our Nation’s critical infrastructure. Today’s announcement affirms our government’s vigilance and resolve to respond swiftly and forcefully against those who would use technology to threaten our way of life.”

Since at least 2014, APT 10 compromised the administrative credentials of managed service providers and then infiltrated their clients’ networks.  Using a mix of sophisticated custom malware and off-the-shelf applications, they stole intellectual property and other confidential business information.  APT 10 targeted information from companies responsible for critical infrastructure, including entities in the information technology, energy, healthcare and public health, communications, and critical manufacturing sectors.

“In our capacity to protect and coordinate with the energy sector, the Department of Energy is dedicated to working with our government and industry partners to strengthen the preparedness and resilience of both the electricity and oil and natural gas sectors,” said Karen S. Evans, Assistant Secretary for Cybersecurity, Energy Security and Emergency Response (CESER). “As the Sector Specific Agency, DOE’s CESER is committed to addressing these aggressive cybersecurity threats and keeping the nation’s critical energy infrastructure safe and secure.”

We encourage those affected, or who want to know more, to please visit www.us-cert.gov/china.