This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients.
Managed service providers have found themselves in a vulnerable position thanks to a nation-state hacking group known as APT10.
When the U.S. Department of Justice announced the indictments of two Chinese nationals accused of being members of APT10, it also released details of the group's extensive hacking campaign to steal intellectual property and trade secrets from a variety of vertical industries. According to the Department of Justice, APT10 hackers didn't attack those enterprises directly -- they hacked into their managed service providers (MSPs) instead and used the MSPs' access to reach into enterprise networks and steal data.
While APT10 has been identified as a state-sponsored threat group, the techniques used in the MSP campaign were fairly simple. Instead of using zero-day vulnerabilities and advanced hacking tools, the threat actors used spear phishing emails and customized versions of existing malware to achieve their goals.
How did the MSPs miss the malicious activity in their own networks, as well as in customer environments? What does this campaign mean for the MSP model overall? How serious is the nation-state hacking threat from China? In this episode of the Risk & Repeat podcast, SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on APT10.