Commentary from Michael Shepherd, Regional Managing Director, ANZ at BAE Systems Applied Intelligence
“Apt10 recently launched an unprecedented campaign with the malicious goal of syphoning customer data off major MSP networks. The cyber espionage group has specifically targeted these providers due to the sensitive and valuable nature of the data they hold for organisations. By infiltrating an MSP, cyber criminals can steal intellectual property and corporate material of organisations.”
“We identified APT10, also known as CVNX, Red Apollo, Stone Panda, menuPass Team, and POTASSIUM, as the culprits behind this attack. First identified in 2013, the group has been largely dormant from 2014 to mid-last year. They’re back.”
“This attack is a clear example of the need for supply chain risk management which sits jointly across procurement, legal, and the security functions of an organisation. This risk management needs to work two ways to be effective, and we encourage procurement teams to have open communication with their suppliers in order to continuously improve security.”
