APT10 Cloud Hopper and RedLeaves

APT10, also known as menuPass team, Red Apollo, and Stone Panda, is believed to be a China-based threat actor. Targets of this campaign have predominantly been MSPs and Japanese organizations, although organizations in other countries were also determined to have been targeted. This threat actor is known to use several Remote Access Tools, to imitate the signatures or properties of legitimate Microsoft files, and to deliver Microsoft Office documents containing malicious code that exploits system vulnerabilities.

The following case study, conducted by the LIFARS cyber resiliency team, focuses on RedLeaves, a malware payload. It consists of three parts, each of which appears harmless on its own. Read more on how the LIFARS Cyber Resilience team remediated the attack on a global medical manufacturing firm.

In this case study, you will learn:

  • Three parts of RedLeaves
  • RedLeaves Process Path
  • How RedLeaves communicates
  • How LIFARS team identified seven systems of interest in the firm’s memory
  • The result and LIFARS team’s performance

For any questions, please contact our LIFARS Engagement Consultants for advice on protecting your organization.