APT / THREAT GROUP | 🕵️ ESPIONAGE

APT10

🇨🇳 China-attributed
Campaigns: 1
Aliases: 18
Last seen: Mar 17, 2026

Intelligence Profile

[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)

[menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Threat Analysis

APT10 is a threat actor attributed to China, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Known Campaigns

APT10 — Active Operations March 2026

APT10 is an unknown-motivation threat actor attributed to China. menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology De...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 🕵️ espionage
Origin: 🇨🇳 China
Aliases: 18
Source: Malpedia

Also Known As

Cloud Hopper, Purple Typhoon, STONE PANDA, Red Apollo, Stone Panda, TA429, POTASSIUM, CVNX, menuPass, APT10, Granite Taurus, Cicada, ATK41, happyyongzi, G0045, BRONZE RIVERSIDE, Menupass Team, HOGFISH

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.